nccgroup / KilledProcessCanary
A canary designed to minimize the impact from certain ransomware actors
☆98 · Updated 3 years ago
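The page gives only the one-line description above, so the following is an added illustration of the general idea behind a killed-process canary; it is not code from the KilledProcessCanary project and does not claim to reproduce how that project detects kills or what response it takes. It spawns a decoy child process, distinguishes an externally terminated decoy from one that exited cleanly, and runs a response callback only in the killed case. The decoy command, the `simulate_kill` helper and the choice of `terminate()` as the stand-in for an attacker's kill loop are all constructed for this example; the assumption that a deployed decoy would carry a process name ransomware kill-lists target is stated in the comments and is not something the page asserts.

```python
import subprocess
import sys
from typing import Callable, Optional

# Constructed stand-in for a decoy process: a Python loop that runs until
# something terminates it. In a real deployment the decoy binary would carry
# an image name that ransomware kill-lists target (an assumption about use,
# not something the page states).
DECOY_CMD = [sys.executable, "-c", "import time\nwhile True:\n    time.sleep(0.2)"]

# Constructed short-lived child used to show that a clean exit is NOT an alert.
CLEAN_CMD = [sys.executable, "-c", "raise SystemExit(0)"]


def spawn_canary() -> subprocess.Popen:
    """Start the decoy; stdout/stderr are discarded so it never blocks on a pipe."""
    return subprocess.Popen(DECOY_CMD, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)


def spawn_clean_child() -> subprocess.Popen:
    """Start a child that exits 0 on its own (the negative case)."""
    return subprocess.Popen(CLEAN_CMD, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)


def classify_exit(returncode: int) -> str:
    """Map a wait() status to a verdict.

    POSIX reports a signal death as a negative code (-15 for SIGTERM, -9 for
    SIGKILL); Windows TerminateProcess() surfaces as exit code 1. Anything
    non-zero is treated as 'killed'; only a genuine exit(0) is 'clean'.
    """
    return "clean" if returncode == 0 else "killed"


def watch_canary(proc: subprocess.Popen,
                 on_killed: Callable[[int, int], None],
                 timeout: Optional[float] = None) -> str:
    """Block until the decoy exits (or `timeout` seconds pass).

    Returns 'running', 'clean' or 'killed'. on_killed(pid, returncode) is
    called only in the killed case, so a planned stop (exit 0) does not
    trigger the response.
    """
    try:
        rc = proc.wait(timeout=timeout)
    except subprocess.TimeoutExpired:
        return "running"
    verdict = classify_exit(rc)
    if verdict == "killed":
        on_killed(proc.pid, rc)
    return verdict


def simulate_kill() -> tuple:
    """End-to-end demo: spawn the decoy, confirm it stays alive, terminate it
    the way an attacker's kill loop would, and return
    (verdict_before, verdict_after, response_events)."""
    events = []
    record = lambda pid, rc: events.append((pid, rc))
    proc = spawn_canary()
    before = watch_canary(proc, record, timeout=0.5)   # expected: 'running'
    proc.terminate()  # constructed stand-in for taskkill / TerminateProcess
    after = watch_canary(proc, record)                 # expected: 'killed'
    return before, after, events


if __name__ == "__main__":
    print(simulate_kill())
```

Two practitioner caveats apply to any canary of this shape. First, the classification is deliberately coarse: a decoy that crashes on its own also reads as "killed", so the response must tolerate that, or the decoy must be simple enough never to crash. Second, whatever `on_killed` does in a real deployment (logging, isolation, or something more drastic) runs without a human in the loop, so it should be tested against routine events such as patch reboots and service restarts, where the decoy should exit cleanly rather than be killed.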
Related projects
Alternatives and complementary repositories for KilledProcessCanary
- My conference presentations (☆66 · updated last year)
- XOR Key Extractor (☆48 · updated 3 months ago)
- Detect possible sysmon logging bypasses given a specific configuration (☆107 · updated 5 years ago)
- Threat intelligence and threat detection indicators (IOC, IOA) (☆53 · updated 3 years ago)
- (no description) (☆37 · updated 2 years ago)
- Active C2 IoCs (☆96 · updated last year)
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity (☆88 · updated 2 years ago)
- Using Microsoft 365 App Passwords for persistence (☆23 · updated 4 years ago)
- Powershell Event Tracing Toolbox (☆72 · updated 2 years ago)
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix (☆72 · updated 2 years ago)
- Blueteam operational triage registry hunting/forensic tool (☆142 · updated last year)
- (no description) (☆108 · updated 3 years ago)
- Stand-alone parser for User Access Logging from Server 2012 and newer systems (☆71 · updated 10 months ago)
- A collection of tools to interact with Microsoft Security Response Center API (☆95 · updated 10 months ago)
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office (☆34 · updated last year)
- A repo to document API functions mapped to security events across diverse platforms (☆74 · updated 5 years ago)
- A library for fast parse & import of Windows Eventlogs into Elasticsearch (☆82 · updated 4 months ago)
- (no description) (☆41 · updated 7 months ago)
- PSAttck is a light-weight framework for the MITRE ATT&CK Framework (☆38 · updated 2 years ago)
- Tool for assessing on-premises Microsoft servers authentication such as ADFS, Skype, Exchange, and RDWeb (☆144 · updated 3 years ago)
- A python script to acquire multiple aws ec2 instances in a forensically sound-ish way (☆37 · updated 3 years ago)
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension (☆51 · updated last year)
- A simple command line program to help defenders test their detections for network beacon patterns and domain fronting (☆65 · updated 2 years ago)
- This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers (☆82 · updated last year)
- Pushes Sysmon Configs (☆89 · updated 3 years ago)
- Automatically create YARA rules from malicious documents (☆208 · updated 2 years ago)
- C# User Simulation (☆33 · updated 2 years ago)
- A Splunk Technology Add-on to forward filtered ETW events (☆30 · updated 4 years ago)
- A list of IOCs applicable to PoshC2 (☆24 · updated 4 years ago)
- A zero dependency and customizable Python library for scanning Windows and Linux process memory (☆63 · updated 9 months ago)