JSHOX1's Stars
scythe-io/purple-team-exercise-framework
Purple Team Exercise Framework
Rurik/Noriben
Noriben - Portable, Simple, Malware Analysis Sandbox
rod-trent/MustLearnKQL
Code included as part of the MustLearnKQL blog series
alexverboon/MDATP
MDATP
0xDanielLopez/TweetFeed
TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Here you will find malicious URLs, domains, IPs, and SHA256/MD5 hashes.
ControlCompass/ControlCompass.github.io
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
ThreatHuntingProject/ThreatHunting
An informational repo about hunting for adversaries in your IT environment.
eshlomo1/Microsoft-Sentinel-SecOps
Microsoft Sentinel SOC Operations
SentineLabs/S1QL-Queries
keyboardcrunch/sentinelone-queries
Repository of SentinelOne Deep Visibility queries.
Cyb3r-Monk/Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
olafhartong/sysmon-modular
A repository of sysmon configuration modules
paladin316/ThreatHunting
This repo is where I store my Threat Hunting ideas/content
reprise99/Sentinel-Queries
Collection of KQL queries
OWNsecurity/fastir_artifacts
Live forensic artifacts collector
SekoiaLab/Fastir_Collector
Beercow/OneDriveExplorer
OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat and <UserCid>.dat.previous files.
Azure/Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
mitre-attack/car
Cyber Analytics Repository
panther-labs/panther-analysis
Built-in Panther detection rules and policies
microsoft/Microsoft-365-Defender-Hunting-Queries
Sample queries for Advanced hunting in Microsoft 365 Defender
Yara-Rules/rules
Repository of yara rules
sophoslabs/IoCs
Sophos-originated indicators-of-compromise from published reports
FalconForceTeam/FalconFriday
Hunting queries and detections
chronicle/detection-rules
Collection of YARA-L 2.0 sample rules for the Chronicle Detection API
elastic/detection-rules
YossiSassi/Get-UserSession
Query user sessions for the entire domain (Interactive/RDP etc.), allowing you to query a username and see all of their logged-on sessions, whether Active or Disconnected.
center-for-threat-informed-defense/insider-threat-ttp-kb
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
splunk/security_content
Splunk Security Content
SigmaHQ/sigma
Main Sigma Rule Repository