
ThreatHunter-Playbook - A Threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns


A Threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns by leveraging Sysmon and Windows Event logs. This project provides specific chains of events exclusively at the host level so that you can take them and develop logic to deploy queries or alerts in your preferred tool or format, such as Splunk, ELK, Sigma, GrayLog etc. The repo follows the structure of the MITRE ATT&CK framework, which categorizes post-compromise adversary behavior in tactical groups. In addition, it provides information about hunting tools/platforms developed by the infosec community for testing and enterprise-wide hunting. Can't wait to see other hunters' pull requests with awesome ideas to detect advanced patterns of behavior. The more chains of events you contribute, the better this playbook will be for the community.

DetectionLab - Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices

  •    HTML

This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices for system logging configuration. It can easily be modified to fit most needs or expanded to include additional hosts. NOTE: This lab has not been hardened in any way and runs with default Vagrant credentials. Please do not connect or bridge it to any networks you care about. This lab is deliberately designed to be insecure; its primary purpose is to provide visibility and introspection into each host.

cacador - Indicator Extractor

  •    Go

Cacador (Portuguese for hunter) is a tool for extracting common indicators of compromise from a block of text. The easiest way to get cacador is to download the latest release for your platform. Good? Great.

hubot-vtr-scripts - Scripts for making Hubot a CND Sidekick

  •    CoffeeScript

This is Hubot VTR, a series of Hubot actions for making Hubot a Computer Network Defense badass. The goal of this project is to create a series of Hubot actions for OSINT collection, Network Forensics, System Forensics, Reverse Engineering and other Network Defense tasks. I gave a presentation about Hubot VTR at BSidesDFW. Check out my slides.

docker-volatility - Volatility Dockerfile

  •    Makefile

This repository contains a Dockerfile of Volatility. Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

ansible-volatility - An Ansible role for deploying the Volatility memory forensics framework.


This role is for use by DFIR/security operations teams to quickly deploy and manage a Linux system to be used for memory forensics with the Volatility Framework. Typically, when applying this role in an environment, I would simply set the forensics variable to true for the host or group of hosts that will be used for forensics work in the group_vars or host_vars file. The user variable is a simple list of the users who will be performing work using Volatility.

TA-Sysmon-deploy - Deploy and maintain Sysmon through the Splunk Deployment Server

  •    Batchfile

Deploy and maintain Sysmon through the Splunk Deployment Server. This will enable you to have all systems running the same version of Sysmon and the same up-to-date configuration. No more logging in to all servers and installing it manually or having to negotiate a GPO change.

mac_apt - macOS Artifact Parsing Tool

  •    Python

zombieant - Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.

  •    C

Because monolithic offensive tools are never enough and building your own offensive strategies and tools is fun.