Blue Team Tools
Easy response tool for responding to security incidents: https://www.getorchestrator.com/#screenshots
Windows 10 1803 Activities (Timeline) artifacts for DFIR
PAW: MS Privileged Access Workstations
Passive DNS / DNS logging on Windows: Network Forensics with Windows DNS Analytical Logging
osquery + ELK + Kolide Fleet: Threat hunting with ELK + osquery
OLE Toy for MS Office documents: https://github.com/renyxa/re-lab/tree/master/oletoy
DNS greylisting: Foghorn
Attack Surface Reduction in windows 10
RITA (Real Intelligence Threat Analytics): ingests Bro/Zeek logs, spits out threat intel (beaconing, long connections, blacklisted hosts).
Microsoft ATA - Lateral movement detection
List of hardening steps for various apps from the DoD
Vulnerability/static analysis of containers
Living off the land/fileless attacks
Microsoft PowerShell tools to mimic various types of attacks
Pi-hole: network-wide DNS-based ad blocking script, uses dnsmasq and an optional DHCP server.
CIS AWS best practices checker
Find all public IPs tied to / in use by an AWS account
FLOSS: a better strings for extracting obfuscated strings from malware.
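The core of what RITA does with Bro/Zeek conn logs (listed above) is beacon detection: group connections by source/destination pair and score how regular the inter-connection intervals are. The script below is an added example written for this page, not RITA's own code or scoring. It parses Zeek's tab-separated conn.log format using the #fields header, then flags pairs whose intervals are tightly clustered around their median. The conn.log lines are constructed, not captured traffic, and the thresholds MIN_CONNS and BEACON_SCORE_CUTOFF are assumptions chosen for this sample rather than RITA's values.

```python
"""RITA-style beacon detection over Zeek/Bro conn.log lines.

Added example (not RITA's code). Scoring: 1 - MAD(intervals) / median(interval),
clipped to [0, 1]; 1.0 means every connection landed on the same schedule.
"""
import statistics
from collections import defaultdict

MIN_CONNS = 8              # assumption: fewer connections give no usable interval statistics
BEACON_SCORE_CUTOFF = 0.9  # assumption: pairs scoring at or above this are reported

FIELDS_HEADER = ("#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\t"
                 "proto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state")


def _build_sample_conn_log():
    """Constructed conn.log: one beaconing host, one browsing host, one pair with too few rows."""
    base = 1700000000.0
    lines = [FIELDS_HEADER]

    def add(ts, i, src, dst, dport, service, obytes, rbytes):
        lines.append("\t".join([f"{ts:.6f}", f"C{len(lines):04d}", src, str(50000 + i), dst,
                                str(dport), "tcp", service, "0.5", str(obytes), str(rbytes), "SF"]))

    # 10.0.0.5 checks in with 203.0.113.10 every 60 s with sub-second jitter (the beacon).
    jitter = [0.0, 0.5, -0.2, 0.3, 0.1, -0.4, 0.2, 0.0, 0.6, -0.1, 0.3, 0.2]
    for i, j in enumerate(jitter):
        add(base + 60 * i + j, i, "10.0.0.5", "203.0.113.10", 443, "ssl", 312, 1024)
    # 10.0.0.9 talks to 198.51.100.7 in bursts, as a person browsing would.
    for i, t in enumerate([0, 3, 45, 46, 300, 301, 302, 900, 1800, 1803]):
        add(base + t, i, "10.0.0.9", "198.51.100.7", 443, "ssl", 800 + 37 * i, 15000 + 900 * i)
    # 10.0.0.7 is perfectly regular but has only three connections: below MIN_CONNS, ignored.
    for i in range(3):
        add(base + 60 * i, i, "10.0.0.7", "198.51.100.20", 80, "http", 200, 500)
    return "\n".join(lines) + "\n"


SAMPLE_CONN_LOG = _build_sample_conn_log()


def parse_conn_log(text):
    """Parse Zeek TSV conn.log text into dicts keyed by the names in the #fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split("\t")
        if fields is None or len(values) != len(fields):
            continue  # skip rows that do not match the declared header
        rows.append(dict(zip(fields, values)))
    return rows


def interval_stats(timestamps):
    """Median inter-connection interval and a regularity score in [0, 1]."""
    ts = sorted(timestamps)
    intervals = [b - a for a, b in zip(ts, ts[1:])]
    median = statistics.median(intervals)
    if median <= 0:
        return {"median_interval": 0.0, "score": 0.0}
    mad = statistics.median(abs(i - median) for i in intervals)
    return {"median_interval": median, "score": max(0.0, 1.0 - mad / median)}


def find_beacons(rows, min_conns=MIN_CONNS, cutoff=BEACON_SCORE_CUTOFF):
    """Group rows by (orig_h, resp_h) and return the pairs whose timing looks like a beacon."""
    by_pair = defaultdict(list)
    for r in rows:
        by_pair[(r["id.orig_h"], r["id.resp_h"])].append(float(r["ts"]))
    results = []
    for (src, dst), ts in by_pair.items():
        if len(ts) < min_conns:
            continue
        stats = interval_stats(ts)
        if stats["score"] >= cutoff:
            results.append({"src": src, "dst": dst, "conns": len(ts),
                            "median_interval": round(stats["median_interval"], 1),
                            "score": round(stats["score"], 3)})
    return sorted(results, key=lambda r: -r["score"])


if __name__ == "__main__":
    for b in find_beacons(parse_conn_log(SAMPLE_CONN_LOG)):
        print(f"{b['src']} -> {b['dst']}: {b['conns']} conns, "
              f"median interval {b['median_interval']}s, score {b['score']}")
```

Run it against a real conn.log by replacing SAMPLE_CONN_LOG with the file contents; on real traffic you will also want to exclude known-good destinations (update servers, NTP, your own monitoring) and look at byte-size consistency alongside timing, since legitimate polling clients score just as regularly as malware.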