ESDaman

Pinned Repositories

PullSigmaFields
Generates a list of field names for manually mapping Sigma rule fields to your specific field names. Then update sigmac rule generator config file.
Language:Python10
convert-to-bidirectional-flow
Converts Uni-directional SILK netflow to bi-directional netflow for easier analysis. See file's help for information on input and usage.
Language:Python00
DemoPS-RS
Reverse shell for use in packet analysis demo
Language:PowerShell00
Testing
Language:VBScript00
VT_API_URL
Current as of: 20190509 Use VT_API_URL to bulk scan domains to speed up analysis Scripts take a CSV of domains. Deduplicate the list to be nice to Virustotal(VT) Run Scanner_VT_API_URL.py first to make sure all URLs are submitted to VT Run Report_VT_API_URL.py second to pull results. This will also display only domains with a "positives" score greater than one. Results for all domains will be saved in json format for later use. Results for positive hits will be saved in ReportResults.log
Language:Python00
VT_Hash_Check
Takes a list of hashes and pulls reports from VirusTotal. Will only display results with 1 or more positives.
Language:PowerShell00
Web_String_Decoder
Tries to take a BULK list of content that contains pre cut strings from URI's for decoding. Mainly uploaded for future reference, no longer operational.
Language:PowerShell00

ESDaman's Repositories

ESDaman/Testing
Language:VBScript
ESDaman/DemoPS-RS
Reverse shell for use in packet analysis demo
Language:PowerShell
ESDaman/convert-to-bidirectional-flow
Converts Uni-directional SILK netflow to bi-directional netflow for easier analysis. See file's help for information on input and usage.
Language:Python
ESDaman/PullSigmaFields
Generates a list of field names for manually mapping Sigma rule fields to your specific field names. Then update sigmac rule generator config file.
Language:Python1
ESDaman/VT_API_URL
Current as of: 20190509 Use VT_API_URL to bulk scan domains to speed up analysis Scripts take a CSV of domains. Deduplicate the list to be nice to Virustotal(VT) Run Scanner_VT_API_URL.py first to make sure all URLs are submitted to VT Run Report_VT_API_URL.py second to pull results. This will also display only domains with a "positives" score greater than one. Results for all domains will be saved in json format for later use. Results for positive hits will be saved in ReportResults.log
Language:Python
ESDaman/Web_String_Decoder
Tries to take a BULK list of content that contains pre cut strings from URI's for decoding. Mainly uploaded for future reference, no longer operational.
Language:PowerShell
ESDaman/VT_Hash_Check
Takes a list of hashes and pulls reports from VirusTotal. Will only display results with 1 or more positives.
Language:PowerShell