ryanmrestivo / blue-teamLinks
Some portable tools, some YARA, some Python, and a little bit of love. Not all of these tools can be used in incident response. Use PEs with caution.
☆36Updated last month
Alternatives and similar repositories for blue-team
Users that are interested in blue-team are comparing it to the libraries listed below
Sorting:
- Active Directory Group Policy analyzer☆14Updated 5 years ago
- This is a repo for fetching Applocker event log by parsing the win-event log☆31Updated 2 years ago
- Bloodhound Portable for Windows☆51Updated 2 years ago
- A quick and easy PowerShell script to collect a packet trace with option to convert .etl to .pcap.☆40Updated 2 years ago
- Just a bunch of code snippets to identify and remediate common Active Directory Certificate Services issues.☆32Updated last year
- Specific guidance and configuration scripts based on Microsoft-recommended security configuration baselines for Windows.☆13Updated 4 years ago
- Powershell script to build active directory forest and populate AD with random AD objects including AD users objects, computers objects, …☆35Updated 3 years ago
- Evtx Log (xml) Browser☆56Updated 2 years ago
- PowerShell scripts for fast Windows Event Collector configuration with Palantir toolset☆22Updated 3 years ago
- ASR Configurator, Essentials and Atomic Testing☆40Updated last month
- AD Live changes viewer☆36Updated 2 years ago
- Threat Simulator for Enterprise Networks☆14Updated 3 years ago
- Scans the filesystem for directories that are user-writeable☆11Updated 3 years ago
- gundog - guided hunting in Microsoft Defender☆52Updated 4 years ago
- Threat Mitigation Strategies☆25Updated last year
- ☆23Updated 2 months ago
- This script enhances endpoint logging telemetry for the purpose of advanced malware threat detection or for building detections or malwar…☆30Updated last month
- General Content☆26Updated 10 months ago
- PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.☆70Updated 5 months ago
- Simple PowerShell script to enable process scanning with Yara.☆93Updated 2 years ago
- Go module that allows you to authenticate to Azure with a well known client ID using interactive logon and grab the token☆26Updated 2 years ago
- Living off the False Positive!☆37Updated 4 months ago
- A tool to identify and remediate common misconfigurations in Active Directory Certificate Services☆15Updated last year
- Azure AD Incident Response☆25Updated 3 years ago
- ESXi Cyber Security Incident Response Script☆22Updated 8 months ago
- Kerberoast Detection Script☆30Updated 7 months ago
- ☆18Updated 3 years ago
- A script designed to test passwords against user accounts within an Active Directory environment, offering customizable Account Lockout T…☆14Updated last year
- ☆41Updated last year
- ☆35Updated 2 years ago