ryanmrestivo / blue-teamLinks
Some portable tools, some YARA, some Python, and a little bit of love. Not all of these tools can be used in incident response. Use PEs with caution.
☆38Updated 5 months ago
Alternatives and similar repositories for blue-team
Users that are interested in blue-team are comparing it to the libraries listed below
Sorting:
- Evtx Log (xml) Browser☆55Updated 2 years ago
- gundog - guided hunting in Microsoft Defender☆52Updated 4 years ago
- Provides an advanced baseline to implement a secure Windows auditing strategy on Windows OS.☆56Updated 4 months ago
- ☆45Updated 2 years ago
- PowerShell scripts for fast Windows Event Collector configuration with Palantir toolset☆22Updated 3 years ago
- A windows hardening script that makes it difficult to compromise a Windows device. Only for use during Blue-Team Competitions.☆27Updated last year
- Powershell script to build active directory forest and populate AD with random AD objects including AD users objects, computers objects, …☆38Updated 3 years ago
- Placeholder for my detection repo and misc detection engineering content☆42Updated last year
- Query user sessions for the entire domain (Interactive/RDP etc), allowing you to query a Username and see all their logged on sessions, w…☆94Updated 6 months ago
- This script enhances endpoint logging telemetry for the purpose of advanced malware threat detection or for building detections or malwar…☆33Updated 6 months ago
- Windows Security Logging☆43Updated 3 years ago
- Triaging Windows event logs based on SANS Poster☆40Updated last month
- A quick and easy PowerShell script to collect a packet trace with option to convert .etl to .pcap.☆39Updated 2 years ago
- Active Directory Group Policy analyzer☆18Updated 6 years ago
- Bloodhound Portable for Windows☆52Updated 2 years ago
- Simple PowerShell script to enable process scanning with Yara.☆96Updated 3 years ago
- A GUI to query the API of abuse.ch.☆70Updated 3 years ago
- General Content☆26Updated last year
- Azure AD Incident Response☆26Updated 4 years ago
- PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.☆71Updated 10 months ago
- Powershell Event Tracing Toolbox☆78Updated 3 years ago
- Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.☆18Updated 2 years ago
- Enumerate Microsoft 365 Groups in a tenant with their metadata☆55Updated 4 years ago
- ESXi Cyber Security Incident Response Script☆25Updated last year
- Go module that allows you to authenticate to Azure with a well known client ID using interactive logon and grab the token☆26Updated 2 years ago
- Build a domain with three quick PowerShell scripts!☆29Updated 5 years ago
- Specific guidance and configuration scripts based on Microsoft-recommended security configuration baselines for Windows.☆14Updated 5 years ago
- PowerShell wrapper for nmap, allows easy scanning of many hosts and subnets☆17Updated 7 years ago
- Kerberoast Detection Script☆30Updated 11 months ago
- Defensive-oriented Active Directory enumeration☆23Updated 9 years ago