
atomic-red-team - Small and highly portable detection tests.

  •    PowerShell

Small and highly portable detection tests mapped to the MITRE ATT&CK Framework. Our Atomic Red Team tests are small, highly portable detection tests mapped to the MITRE ATT&CK Framework. Each test is designed to map back to a particular tactic. We hope that this gives defenders a highly actionable way to immediately start testing their defenses against a broad spectrum of attacks.

intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol

  •    Python

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments, ...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs. See INSTALL.

DetectionLab - Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices

  •    HTML

This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices for system logging configuration. It can easily be modified to fit most needs or expanded to include additional hosts. NOTE: This lab has not been hardened in any way and runs with default Vagrant credentials. Please do not connect or bridge it to any networks you care about. This lab is deliberately designed to be insecure; its primary purpose is to provide visibility and introspection into each host.

HELK - The Incredible HELK

  •    Shell

A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities. At the end of the HELK installation, you will see similar output containing the information you need to access the primary HELK components. Remember that the default username and password for HELK are helk:hunting.

Apache Spot - A Community Approach to Fighting Cyber Threats

  •    Java

Apache Spot is a community-driven cybersecurity project, built from the ground up, to bring advanced analytics to all IT telemetry data on an open, scalable platform. Spot expedites threat detection, investigation, and remediation via machine learning and consolidates all enterprise security data into a comprehensive IT telemetry hub based on open data models.

NOAH - PowerShell No Agent Hunting

  •    PowerShell

NOAH ("No Agent Hunting") is an agentless, open-source incident response framework based on PowerShell. It helps security investigators gather a large number of key artifacts without installing any agent on the endpoints, saving precious time.

PSHunt - Powershell Threat Hunting Module

  •    PowerShell

PSHunt is a PowerShell Threat Hunting Module designed to scan remote endpoints* for indicators of compromise, or to survey them for more comprehensive information about the state of those systems (active processes, autostarts, configurations, and/or logs). PSHunt began as the precursor to Infocyte's commercial product, Infocyte HUNT, and is now being open sourced for the benefit of the DFIR community.

SkyArk - SkyArk helps to discover, assess and secure the most privileged entities in AWS

  •    PowerShell

SkyArk is a cloud security project with two helpful sub-modules, AWStealth and AWStrace, intended to help the cloud community make cloud environments more secure. SkyArk currently focuses on mitigating the new threat of Cloud Shadow Admins, and helps organizations discover, validate and protect cloud privileged entities. Stealthy and undercover cloud admins may reside in every public cloud platform; at this time the tool helps mitigate the risk in AWS. In defensive, pentest and risk-assessment procedures, make sure to address this threat and validate that those privileged entities are indeed well secured.

app_splunk_sysmon_hunter - Splunk App to assist Sysmon Threat Hunting

Download and deploy this app to your Splunk Search Head. A macro is used for all saved searches; you will need to modify it for your environment so that the proper Sysmon sourcetype/index is searched.

mobile-threat-catalogue - NIST/NCCoE Mobile Threat Catalogue

  •    HTML

In order to fully address the inherent threats of mobile devices, a wider view of the mobile ecosystem is necessary. This repository contains the Mobile Threat Catalogue, which describes, identifies, and structures the threats posed to mobile information systems. The associated report providing context and describing the origins of this repository is available here: NISTIR 8144: Assessing Threats to Mobile Devices & Infrastructure. Readers of the catalogue may notice threats that are not tied to a documented source or lack countermeasures, and other threats may exist that are not identified here. This catalogue is intended as a living document. Though the initial public comment period is now closed, feedback on mobile threats addressed in the catalogue as well as ideas for additional threats are still encouraged.

THRecon - Threat Hunting Reconnaissance Toolkit

  •    PowerShell

Collect endpoint information for use in incident response, threat hunting, live forensics, baseline monitoring, etc. * Info pulled from currently running processes or their executables on disk.

SysmonResources - Consolidation of various resources related to Microsoft Sysmon & sample data/log

  •    Python

Consolidation of various resources related to Microsoft Sysmon. The resources are organised in the various folders above. Much of it is a re-organisation of https://github.com/MHaggis/sysmon-dfir; kudos to Michael Haag. My opinions/thoughts/contributions are largely within the visualization & sample data folders (sample logs will be gradually added). The GitHub Desktop & Typora apps made it a pleasure to organise these resources.