Boorena's Stars
briandelmsft/SentinelAutomationModules
The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel
microsoft/mdefordownlevelserver
microsoft/mdatp-xplat
Microsoft Defender for macOS/Linux - config samples, auxiliary tools
HydraDragonAntivirus/HydraDragonAntivirus
Dynamic and Static Analysis with Sandboxie for Windows with ClamAV, YARA-X, my machine learning AI, Behaviour analysis, NLP-Based detection, website signatures, Ghidra and Snort etc.
ibraheemdev/modern-unix
A collection of modern/faster/saner alternatives to common unix commands.
Neo23x0/sysmon-config
Sysmon configuration file template with default high-quality event tracing
Neo23x0/Loki
Loki - Simple IOC and YARA Scanner
Neo23x0/yarGen
yarGen is a generator for YARA rules
Neo23x0/Raccine
A Simple Ransomware Vaccine
NextronSystems/APTSimulator
A toolset to make a system look as if it was the victim of an APT attack
SigmaHQ/sigma
Main Sigma Rule Repository
Neo23x0/sysmon-version-history
An Unofficial Sysmon Version History (Change Log)
dabeastnet/PixelPoSH
PixelPoSH is a PowerShell script designed for generating random backgrounds.
YongRhee-MDE/LiveResponse
M365 MDATP Live Response sample scripts
SeeminglyScience/EditorServicesCommandSuite
Collection of editor commands for use in PowerShell Editor Services.
deepinstinct/Dirty-Vanity
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417
sakai135/wsl-vpnkit
Provides network connectivity to WSL 2 when blocked by VPN
nsacyber/AppLocker-Guidance
Configuration guidance for implementing application whitelisting with AppLocker. #nsacyber
trellix-enterprise/ExpertRules
This repository contains a set of rules samples that can be directly used with Trellix Endpoint Security, in the Exploit Prevention policy.
RePRGM/Nimperiments
Various one-off pentesting projects written in Nim. Updates happen on a whim.
deepinstinct/ContainYourself
A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
freedomofpress/dangerzone
Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs
MicrosoftDocs/WDAC-Toolkit
Documentation and tools to access Windows Defender Application Control (WDAC) technology.
cncf/tag-security
🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
GhostPack/Seatbelt
Seatbelt is a C# project that performs a number of security-oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
peass-ng/PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
olafhartong/sysmon-modular
A repository of sysmon configuration modules
SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing
trustedsec/SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide
newlog/exploiting
Stuff you might use when exploiting software