Stars
Extracted Yara rules from Windows Defender mpavbase and mpasbase
Real-time, container-based file scanning at enterprise scale
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD…
Incident Response collection and processing scripts with automated reporting scripts
Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.
This repo is about Active Directory Advanced Threat Hunting
Event Tracing For Windows (ETW) Resources
Supplemental information and resources for the Security Benchmark documentation available at https://docs.microsoft.com/azure/security/benchmarks/.
Project based on RegRipper, to extract add'l value/pivot points from TLN events file
HardeningKitty - Checks and hardens your Windows configuration
PowerShell script to do domain auditing automation
A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts
Red Teaming & Pentesting checklists for various engagements
A utility to safely generate malicious network traffic patterns and evaluate controls.
A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs t…
Chris Titus Tech's Windows Utility - Install Programs, Tweaks, Fixes, and Updates
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Automation to assess the state of your M365 tenant against CISA's baselines
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
Windows Malware Investigation Scripts & Docs
8 Lessons, Kick-start Your Cybersecurity Learning.
Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azur…
Contains compiled binaries of Volatility
This repository contains sample programs that mimic behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to …
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).