Pinned Repositories
DFIRMindMaps
A repository of DFIR-related mind maps geared towards visual learners
ELK4QRADAR
Collecting offenses metadata and generating metrics using ELK stack
ELK_Health_Check
Script for automating basic health check tasks
PCAP-ATTACK
PCAP Samples for Different Post Exploitation Techniques
PSIR
PowerShell Incident Response
QRadar-ruleset
Export the QRadar rule set for printing
RDP-NLA
RDP usage artifacts with and without NLA enabled
shad0w
A post-exploitation framework designed to operate covertly in heavily monitored environments
ThreatHunter-Playbook
A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
Cyb3rSn0rlax's Repositories
Cyb3rSn0rlax/RDP-NLA
RDP usage artifacts with and without NLA enabled
Cyb3rSn0rlax/ELK4QRADAR
Collecting offenses metadata and generating metrics using ELK stack
Cyb3rSn0rlax/PSIR
PowerShell Incident Response
Cyb3rSn0rlax/PCAP-ATTACK
PCAP Samples for Different Post Exploitation Techniques
Cyb3rSn0rlax/ThreatHunter-Playbook
A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Cyb3rSn0rlax/ELK_Health_Check
Script for automating basic health check tasks
Cyb3rSn0rlax/QRadar-ruleset
Export the QRadar rule set for printing
Cyb3rSn0rlax/shad0w
A post-exploitation framework designed to operate covertly in heavily monitored environments
Cyb3rSn0rlax/DFIRMindMaps
A repository of DFIR-related mind maps geared towards visual learners
Cyb3rSn0rlax/BetterSafetyKatz
BetterSafetyKatz
Cyb3rSn0rlax/DefenderCheck
Identifies the bytes that Microsoft Defender flags on.
Cyb3rSn0rlax/ETLParser
Binary command-line executable to parse ETL files
Cyb3rSn0rlax/EVTX-ATTACK-SAMPLES
Windows Events Samples
Cyb3rSn0rlax/FileTest
Cyb3rSn0rlax/flare-vm
Cyb3rSn0rlax/fortinet-2-elasticsearch
Fortinet products logs to Elasticsearch
Cyb3rSn0rlax/h1l021.github.io
Cyb3rSn0rlax/mordor
Replay adversarial techniques
Cyb3rSn0rlax/NetLoader
Loads any C# binary in memory, patching AMSI and bypassing Windows Defender
Cyb3rSn0rlax/OSSEM-DM
OSSEM Detection Model
Cyb3rSn0rlax/Pentest-Tools-Collection
Cyb3rSn0rlax/QRadar-AQLQueries
Useful AQL Queries
Cyb3rSn0rlax/SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches, built and released in a CI/CD fashion using Azure DevOps release pipelines.
Cyb3rSn0rlax/SIRA
Security Incident Response Automation
Cyb3rSn0rlax/WELA
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Cyb3rSn0rlax/wincollect
Cyb3rSn0rlax/winterfell
Winterfell is a group of Windows batch scripts to collect Windows forensic data and perform efficient, fast incident response and threat hunting activities.
Cyb3rSn0rlax/wireguard-install
WireGuard VPN installer for Linux servers
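The ELK4QRADAR entry above describes collecting QRadar offense metadata and turning it into metrics in the ELK stack. As an added illustration (not code from the ELK4QRADAR project), the script below takes a handful of constructed offense records shaped like the JSON the QRadar `/api/siem/offenses` endpoint returns (fields such as `id`, `status`, `magnitude`, `start_time`, `close_time` and `assigned_to` are assumed here; timestamps are milliseconds since the epoch), computes the metrics an analyst usually wants (offense counts by status, mean time to close, high-magnitude and unassigned open offenses, age of open offenses) and flattens each offense into a document with ISO 8601 timestamps ready for indexing into Elasticsearch. The sample offenses are invented for the example.

```python
from datetime import datetime, timezone
from collections import Counter

# Constructed sample offenses (not real QRadar data). Field names follow the
# QRadar offenses API; timestamps are epoch milliseconds, close_time is None
# while an offense is still open or hidden.
OFFENSES = [
    {"id": 1, "status": "OPEN",   "magnitude": 7, "start_time": 1_700_000_000_000,
     "close_time": None,               "assigned_to": None},
    {"id": 2, "status": "CLOSED", "magnitude": 4, "start_time": 1_700_000_000_000,
     "close_time": 1_700_007_200_000,  "assigned_to": "analyst1"},   # closed after 2h
    {"id": 3, "status": "CLOSED", "magnitude": 9, "start_time": 1_700_000_000_000,
     "close_time": 1_700_014_400_000,  "assigned_to": "analyst2"},   # closed after 4h
    {"id": 4, "status": "HIDDEN", "magnitude": 2, "start_time": 1_700_000_000_000,
     "close_time": None,               "assigned_to": "analyst1"},
]

MS_PER_HOUR = 3_600_000


def ms_to_iso(ms):
    """Convert QRadar epoch-millisecond timestamps to ISO 8601 UTC strings."""
    if ms is None:
        return None
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()


def to_elk_doc(offense):
    """Flatten one offense into a document suitable for an Elasticsearch index.

    Adds time_to_close_hours for closed offenses so Kibana can aggregate on it
    directly instead of recomputing it per query.
    """
    ttc = None
    if offense["close_time"] is not None:
        ttc = (offense["close_time"] - offense["start_time"]) / MS_PER_HOUR
    return {
        "offense_id": offense["id"],
        "status": offense["status"],
        "magnitude": offense["magnitude"],
        "assigned_to": offense["assigned_to"],
        "start_time": ms_to_iso(offense["start_time"]),
        "close_time": ms_to_iso(offense["close_time"]),
        "time_to_close_hours": ttc,
    }


def offense_metrics(offenses, now_ms, high_magnitude=7):
    """Compute summary metrics over a list of offenses.

    now_ms is passed in explicitly so the metrics are reproducible; in a
    collector you would use int(time.time() * 1000).
    """
    by_status = Counter(o["status"] for o in offenses)
    closed = [o for o in offenses if o["close_time"] is not None]
    ttc_hours = [(o["close_time"] - o["start_time"]) / MS_PER_HOUR for o in closed]
    open_offenses = [o for o in offenses if o["status"] == "OPEN"]
    return {
        "by_status": dict(by_status),
        "mean_time_to_close_hours": (sum(ttc_hours) / len(ttc_hours)) if ttc_hours else None,
        "high_magnitude_open": [o["id"] for o in open_offenses if o["magnitude"] >= high_magnitude],
        "unassigned_open": [o["id"] for o in open_offenses if not o["assigned_to"]],
        "open_age_hours": {o["id"]: (now_ms - o["start_time"]) / MS_PER_HOUR for o in open_offenses},
    }


if __name__ == "__main__":
    now = 1_700_036_000_000  # fixed "now" (10h after the sample start_time) for reproducibility
    print(offense_metrics(OFFENSES, now))
    for o in OFFENSES:
        print(to_elk_doc(o))
```

In a real collector the `OFFENSES` list would come from paging through the offenses API with a `Range:` header and a service-account token, and the flattened documents would be bulk-indexed into a dated index; the metric functions stay the same.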