Boorena

Boorena's Stars

• briandelmsft/SentinelAutomationModules

  The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel

  Language:PowerShell21258

• microsoft/mdefordownlevelserver

  Language:PowerShell7136

• microsoft/mdatp-xplat

  Microsoft Defender for macOS/Linux - config samples, auxiliary tools

  Language:Shell193191

• HydraDragonAntivirus/HydraDragonAntivirus

  Dynamic and Static Analysis with Sandboxie for Windows with ClamAV, YARA-X, my machine learning AI, Behaviour analysis, NLP-Based detection, website signatures, Ghidra and Snort etc.

  Language:YARA372

• ibraheemdev/modern-unix

  A collection of modern/faster/saner alternatives to common unix commands.

  30.8k781

• Neo23x0/sysmon-config

  Sysmon configuration file template with default high-quality event tracing

  44961

• Neo23x0/Loki

  Loki - Simple IOC and YARA Scanner

  Language:Python3.4k581

• Neo23x0/yarGen

  yarGen is a generator for YARA rules

  Language:Python1.5k282

• Neo23x0/Raccine

  A Simple Ransomware Vaccine

  Language:C++945122

• NextronSystems/APTSimulator

  A toolset to make a system look as if it was the victim of an APT attack

  Language:Batchfile2.5k426

• SigmaHQ/sigma

  Main Sigma Rule Repository

  Language:Python8.2k2.2k

• Neo23x0/sysmon-version-history

  An Inofficial Sysmon Version History (Change Log)

  3210

• dabeastnet/PixelPoSH

  PixelPoSH is a PowerShell script designed for generating random backgrounds.

  Language:PowerShell171

• YongRhee-MDE/LiveResponse

  M365 MDATP Live Response sample scripts

  Language:PowerShell5816

• SeeminglyScience/EditorServicesCommandSuite

  Collection of editor commands for use in PowerShell Editor Services.

  Language:C#15113

• deepinstinct/Dirty-Vanity

  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417

  Language:C61683

• sakai135/wsl-vpnkit

  Provides network connectivity to WSL 2 when blocked by VPN

  Language:Shell2.3k164

• nsacyber/AppLocker-Guidance

  Configuration guidance for implementing application whitelisting with AppLocker. #nsacyber

  Language:PowerShell20963

• trellix-enterprise/ExpertRules

  This repository contains a set of rules samples that can be directly used with Trellix Endpoint Security, in the Exploit Prevention policy.

  251

• RePRGM/Nimperiments

  Various one-off pentesting projects written in Nim. Updates happen on a whim.

  Language:Nim14615

• deepinstinct/ContainYourself

  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.

  Language:C++30136

• freedomofpress/dangerzone

  Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs

  Language:Python3.6k172

• MicrosoftDocs/WDAC-Toolkit

  Documentation and tools to access Windows Defender Application Control (WDAC) technology.

  Language:C#19940

• cncf/tag-security

  🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

  Language:HTML2k510

• GhostPack/Seatbelt

  Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

  Language:C#3.7k684

• peass-ng/PEASS-ng

  PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

  Language:C#15.9k3.1k

• olafhartong/sysmon-modular

  A repository of sysmon configuration modules

  Language:PowerShell2.6k588

• SwiftOnSecurity/sysmon-config

  Sysmon configuration file template with default high-quality event tracing

  4.8k1.7k

• trustedsec/SysmonCommunityGuide

  TrustedSec Sysinternals Sysmon Community Guide

  Language:CSS1.1k164

• newlog/exploiting

  Stuff you might use when exploiting software

  Language:Python8044