ryanmrestivo / blue-team
Some portable tools, some YARA, some Python, and a little bit of love. Not all of these tools can be used in incident response. Use PEs with caution.
☆34Updated last year
Alternatives and similar repositories for blue-team:
Users that are interested in blue-team are comparing it to the libraries listed below
- Active Directory Group Policy analyzer☆14Updated 5 years ago
- This is a repo for fetching Applocker event log by parsing the win-event log☆30Updated 2 years ago
- Go module that allows you to authenticate to Azure with a well known client ID using interactive logon and grab the token☆25Updated 2 years ago
- Bloodhound Portable for Windows☆51Updated 2 years ago
- Evtx Log (xml) Browser☆56Updated 2 years ago
- Threat Mitigation Strategies☆25Updated last year
- Parser for Windows PowerShell script block logs☆13Updated 3 months ago
- ☆22Updated 3 weeks ago
- ☆38Updated 3 years ago
- Defensive-oriented Active Directory enumeration☆23Updated 9 years ago
- Send High & New Incidents to The Hive incident management Platform☆18Updated 4 years ago
- ☆17Updated 2 years ago
- Offensive tool for guessing Active Directory credentials via Kerberos☆9Updated last year
- ☆7Updated last year
- Enumerate Microsoft 365 Groups in a tenant with their metadata☆52Updated 4 years ago
- Specific guidance and configuration scripts based on Microsoft-recommended security configuration baselines for Windows.☆13Updated 4 years ago
- ☆15Updated 3 years ago
- ☆45Updated last year
- Takes the original idea of NetCease and adds functionality☆24Updated 3 years ago
- Just a bunch of code snippets to identify and remediate common Active Directory Certificate Services issues.☆32Updated last year
- A PowerShell script that checks for dangerous ACLs on system hives and shadows☆28Updated 3 years ago
- ☆35Updated 2 years ago
- Triaging Windows event logs based on SANS Poster☆39Updated 2 years ago
- Azure AD Incident Response☆25Updated 3 years ago
- Powershell script to build active directory forest and populate AD with random AD objects including AD users objects, computers objects, …☆33Updated 3 years ago
- A script designed to test passwords against user accounts within an Active Directory environment, offering customizable Account Lockout T…☆14Updated last year
- General Content☆26Updated 8 months ago
- EventLogSilencer is a PowerShell script designed for disable Windows Event Logging☆16Updated last year
- A not-at-all-ordered compilation of random security-related powershell scripts :-)☆11Updated 3 years ago
- Creates an ATT&CK Navigator map of an Adversary Emulation Plan☆17Updated 3 years ago