Simple Docker-based quickstart for osquery, Fleet, and ELK stack
☆64Sep 5, 2023Updated 2 years ago
Alternatives and similar repositories for fleet-osquery-in-a-box
Users that are interested in fleet-osquery-in-a-box are comparing it to the libraries listed below
Sorting:
- JXA script for Mythic that prints the TCC.db☆15Apr 18, 2021Updated 4 years ago
- event shipper for Carbon Black Defense notifications☆10Feb 25, 2023Updated 3 years ago
- Discover which process execute a hunted binary inside macOS☆27Dec 15, 2021Updated 4 years ago
- Launchd daemon that reports major OSX modifications through growl☆16Feb 19, 2015Updated 11 years ago
- ☆17Sep 10, 2021Updated 4 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- ☆15Aug 20, 2019Updated 6 years ago
- https://wojciechregula.blog/post/macos-red-teaming-get-ad-credentials-from-nomad/☆43Mar 4, 2022Updated 4 years ago
- Rules Shared by the Community from 100 Days of YARA 2023 -☆18Apr 10, 2023Updated 2 years ago
- Remotely collect linux live forensics artifacts.☆14Jul 8, 2022Updated 3 years ago
- python lib for simpleMDM API☆19Jan 10, 2024Updated 2 years ago
- POC for a basic C2 server using the python aiohttp framework☆15Mar 22, 2020Updated 5 years ago
- Swift code to parse the quarantine history database, Chrome history database, Safari history database, and Firefox history database on ma…☆16Dec 3, 2020Updated 5 years ago
- Provide a shell like interface by utilizing osquery's distributed API☆82Jun 24, 2020Updated 5 years ago
- Dockerfiles for containerized osquery☆14May 23, 2017Updated 8 years ago
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆40Jul 27, 2021Updated 4 years ago
- Collection of operational focused osquery dashboards.☆11Jan 20, 2021Updated 5 years ago
- ☆29Feb 16, 2021Updated 5 years ago
- An Ubuntu 18.04 box for Mythic C2 framework development☆17Jun 17, 2022Updated 3 years ago
- A variation CredBandit that uses compression to reduce the size of the data that must be trasnmitted.☆19Jun 24, 2021Updated 4 years ago
- Swift code to run a dylib on disk☆16May 9, 2022Updated 3 years ago
- Various scripts for macOS tasks☆141Nov 24, 2025Updated 3 months ago
- Red Team tool for exfiltrating the target organization's Google People Directory that you have access to, via Google's API.☆58Sep 2, 2021Updated 4 years ago
- Python 3 library to build YARA rules.☆13Oct 24, 2021Updated 4 years ago
- Snort + Pulledpork + Websnort in Docker!☆22Nov 9, 2021Updated 4 years ago
- ☆15Apr 20, 2020Updated 5 years ago
- Catalog Red Team techniques that cause popups in various macOS versions☆15Nov 18, 2024Updated last year
- Boilerplate for smart contract development which includes all needed basic tools and linting☆17Oct 4, 2018Updated 7 years ago
- Scripts from my book OS X Incident Response Scripting and Analysis -> https://www.amazon.com/dp/012804456X/ref=cm_sw_r_tw_dp_U_x_fQeLAb68…☆50Sep 23, 2016Updated 9 years ago
- A collection of projects demonstrating various commandline cloaking techniques on Linux☆61Aug 4, 2022Updated 3 years ago
- Security Monitoring Resolution Categories☆138Nov 25, 2021Updated 4 years ago
- A CLI tool for leveraging IDP signing keys to impersonate users and groups☆19Apr 1, 2021Updated 4 years ago
- Apfell POC Chrome Extension Payload☆10Jun 24, 2020Updated 5 years ago
- Webshell agent in aspx and php☆27Dec 11, 2025Updated 3 months ago
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is…☆17Jan 31, 2021Updated 5 years ago
- A flexible control server for osquery fleets☆1,099Dec 15, 2020Updated 5 years ago
- ☆28Oct 15, 2025Updated 5 months ago
- Deploy MISP Project software with Vagrant.☆45Jun 15, 2020Updated 5 years ago
- ☆22Jan 2, 2026Updated 2 months ago