@r1skkam - Yangon, Myanmar (Burma) (UTC +06:30) - in/r1skkam
Blue Team
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
You didn't think I'd go and leave the blue team out, right?
Detect Tactics, Techniques & Combat Threats
Collection of walkthroughs on various threat hunting techniques
Malware samples, analysis exercises and other interesting resources.
Built-in Panther detection rules and policies
Tools and Techniques for Blue Team / Incident Response
YARA signature and IOC database for my scanners and tools
evtx2json extracts events of interest from event logs, deduplicates them, and exports them to JSON.
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Sysmon configuration file template with default high-quality event tracing
The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifa…
BadZure orchestrates the setup of Azure AD tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack …
Cowrie SSH/Telnet Honeypot http://cowrie.readthedocs.io
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
Covers various security approaches to attack techniques and also provides new discoveries about security breaches.
WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
An advanced memory forensics framework