nccgroup / KilledProcessCanary
A canary designed to minimize the impact from certain Ransomware actors
☆98 · Updated 3 years ago
Related projects
Alternatives and complementary repositories for KilledProcessCanary
- Simple PowerShell script to enable process scanning with Yara. ☆90 · Updated 2 years ago
- This repository contains procedures found in the Feb 2022 Conti leaks. They were taken from the "manual_teams_c" rocketchat channel in th… ☆87 · Updated 2 years ago
- PacketSifter is a tool/script designed to aid analysts in sifting through a packet capture (pcap) to find noteworthy traffic. Pac… ☆93 · Updated 3 years ago
- This repository aims to collect and document indicators from the different C2s listed in the C2-Matrix. ☆72 · Updated 2 years ago
- My conference presentations. ☆66 · Updated last year
- Blue team operational triage registry hunting/forensic tool. ☆142 · Updated last year
- A simple command line program to help defenders test their detections for network beacon patterns and domain fronting. ☆65 · Updated 2 years ago
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition. ☆62 · Updated 2 years ago
- Pushes Sysmon configs. ☆89 · Updated 3 years ago
- Useful access control entries (ACEs) on the system access control list (SACL) of securable objects to find potential adversarial activity. ☆88 · Updated 2 years ago
- Rip Raw is a small tool to analyse the memory of compromised Linux systems. ☆131 · Updated 2 years ago
- (no description) ☆37 · Updated 2 years ago
- YARI is an interactive debugger for the YARA language. ☆88 · Updated this week
- A Python script to acquire multiple AWS EC2 instances in a forensically sound-ish way. ☆37 · Updated 3 years ago
- C# user simulation. ☆33 · Updated 2 years ago
- A simple binary wrapper for DNS canarytokens. ☆24 · Updated 2 years ago
- Active C2 IoCs. ☆96 · Updated last year
- Detect possible Sysmon logging bypasses given a specific configuration. ☆107 · Updated 5 years ago
- labs_modern_malware_c2: originally supporting a DEF CON workshop, will morph into Attack Defend for C2. ☆18 · Updated 2 years ago
- Using Microsoft 365 app passwords for persistence. ☆23 · Updated 4 years ago
- A repository hosting example goodware EVTX logs containing sample software installation and basic user interaction. ☆68 · Updated 11 months ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files. ☆146 · Updated 2 years ago
- XOR key extractor. ☆48 · Updated 3 months ago
- 100 Days of YARA, to be updated with rules and ideas as the year progresses. ☆56 · Updated last year
- Repository with all the SolarWinds vulnerability information I've been tracking and using for communications, review, and technical under… ☆25 · Updated 3 years ago
- A library for fast parsing and import of Windows event logs into Elasticsearch. ☆81 · Updated 4 months ago
- (no description) ☆108 · Updated 3 years ago
- Registry permission scanner written in C# for finding potential privesc avenues within the registry. ☆84 · Updated 3 years ago
- PowerShell Event Tracing Toolbox. ☆72 · Updated 2 years ago
- PSAttck is a lightweight framework for the MITRE ATT&CK framework. ☆38 · Updated 2 years ago