petebryan / blue_team_con
☆17Updated 2 years ago
Alternatives and similar repositories for blue_team_con:
Users that are interested in blue_team_con are comparing it to the libraries listed below
- ☆41Updated 2 years ago
- ☆72Updated 5 months ago
- Jupyter notebooks☆23Updated 4 years ago
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…☆15Updated 2 years ago
- ☆47Updated this week
- Azure function to insert MISP data in to Azure Sentinel☆32Updated 2 years ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Updated 2 months ago
- SigmaHQ pySigma CrowdStrike processing pipeline☆24Updated 6 months ago
- Microsoft GPO Readiness Lateral Movement Detection Tool☆16Updated 2 years ago
- ☆11Updated 2 years ago
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.☆32Updated 2 months ago
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated last year
- A WDAC configuration repository with the sole intention of enriching MDE☆28Updated 2 years ago
- ☆16Updated 2 years ago
- ☆41Updated 3 years ago
- Random tips and tricks RE: ransomware☆14Updated 3 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆36Updated last year
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe…☆39Updated 4 years ago
- Azure AD Incident Response☆25Updated 3 years ago
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects…☆41Updated 4 years ago
- A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.☆16Updated 4 months ago
- ☆21Updated 2 years ago
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop…☆26Updated 3 years ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365☆20Updated 6 months ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…☆19Updated last year
- Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE☆30Updated 10 months ago
- Power-Forensics is the Best Friend for Incident Responders to perform IR and collect evidences for Linux based host☆11Updated last year
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆114Updated last year
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆77Updated 10 months ago
- ☆34Updated 5 months ago