Pinned Repositories
AllthingsTimesketch
This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Azure-Sentinel-Notebooks
Interactive Azure Sentinel Notebooks provide security insights and actions to investigate anomalies and hunt for malicious behaviors.
chainsaw
Rapidly Search and Hunt through Windows Event Logs
det-eng-samples
This repository contains sample log data collected after running adversary simulations in Microsoft 365.
LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
memOptix
A Jupyter notebook to assist with the analysis of the output generated by the Volatility memory forensics framework.
timesketch
Collaborative forensic timeline analysis
invoke-atomicredteam
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
blueteam0ps's Repositories
blueteam0ps/AllthingsTimesketch
This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.
blueteam0ps/memOptix
A Jupyter notebook to assist with the analysis of the output generated by the Volatility memory forensics framework.
blueteam0ps/det-eng-samples
This repository contains sample log data collected after running adversary simulations in Microsoft 365.
blueteam0ps/chainsaw
Rapidly Search and Hunt through Windows Event Logs
blueteam0ps/timesketch
Collaborative forensic timeline analysis
blueteam0ps/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
blueteam0ps/Azure-Sentinel-Notebooks
Interactive Azure Sentinel Notebooks provide security insights and actions to investigate anomalies and hunt for malicious behaviors.
blueteam0ps/block-parser
Parser for Windows PowerShell script block logs
blueteam0ps/Infosec_Reference
An Information Security Reference That Doesn't Suck
blueteam0ps/LOLBAS-1
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
blueteam0ps/Microsoft-Extractor-Suite
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
blueteam0ps/plaso
Super timeline all the things
blueteam0ps/tactical-lists
This repo was created to host lists that can come in handy for DFIR teams.
blueteam0ps/Tools
Tools from WFA 4/e (Windows Forensic Analysis, 4th edition), timeline tools, etc.
blueteam0ps/bulk_extractor
This is the development tree. Production downloads are at:
blueteam0ps/CyLR-1
CyLR - Live Response Collection Tool
blueteam0ps/DeepBlueCLI
blueteam0ps/elasticsearch-plaso-pipelines
Elasticsearch pipelines for processing and enriching plaso data
blueteam0ps/EVTX-ATTACK-SAMPLES
blueteam0ps/hayabusa
Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
blueteam0ps/invoke-atomicredteam
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
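The pinned and forked invoke-atomicredteam entries above both describe the same workflow: the module reads a test definition from the atomics folder and executes it. The following PowerShell session is an added example, not code from the blueteam0ps profile or from Red Canary's project, showing how a blue team would run a single atomic test end to end (inspect, prerequisites, execute, clean up) and then check that the technique left a trace in the PowerShell script block log. The atomics path, the technique ID and the test number are assumptions; inspect the -ShowDetails output before executing anything, and run this only in an isolated lab VM.

```powershell
# Added example (not from the blueteam0ps profile or the Red Canary project).
# Assumes: Invoke-AtomicRedTeam is installed (Install-Module invoke-atomicredteam),
# the atomics folder is at C:\AtomicRedTeam\atomics (assumed path), and PowerShell
# script block logging (Event ID 4104) is enabled on the lab host.

Import-Module invoke-atomicredteam -Force

$atomics   = 'C:\AtomicRedTeam\atomics'   # assumed location of the atomics folder
$technique = 'T1059.001'                  # ATT&CK: Command and Scripting Interpreter: PowerShell
$test      = 1                            # assumed test number; verify with -ShowDetails first

# 1. Read the test definition and show exactly what it will execute.
Invoke-AtomicTest $technique -TestNumbers $test -PathToAtomicsFolder $atomics -ShowDetails

# 2. Fetch anything the test depends on, then confirm the prerequisites are met.
Invoke-AtomicTest $technique -TestNumbers $test -PathToAtomicsFolder $atomics -GetPrereqs
Invoke-AtomicTest $technique -TestNumbers $test -PathToAtomicsFolder $atomics -CheckPrereqs

# 3. Execute the test, remembering when it started, then run its cleanup commands.
$start = Get-Date
Invoke-AtomicTest $technique -TestNumbers $test -PathToAtomicsFolder $atomics
Invoke-AtomicTest $technique -TestNumbers $test -PathToAtomicsFolder $atomics -Cleanup

# 4. Detection check: script block events (4104) written since the test began.
#    Properties[2] of a 4104 event is the ScriptBlockText field.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = $start
} -ErrorAction SilentlyContinue

"$($events.Count) script block events (4104) logged during the test window"
$events |
    Select-Object -First 5 TimeCreated, @{ n = 'ScriptBlock'; e = { $_.Properties[2].Value } }
```

If the final query returns nothing, the gap is in telemetry rather than in the test: enable script block logging (or forward the events to the SIEM) before blaming the detection rule. The 4104 events this produces are the same records that the block-parser repository listed below is written to parse.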
blueteam0ps/plaso_filters
Scripts to facilitate filtering with Plaso
blueteam0ps/Public
Collection of scripts provided for public use
blueteam0ps/RegRipper3.0
RegRipper3.0
blueteam0ps/repo-template
A template for creating new repositories in the @orbitdb organization
blueteam0ps/rhq
Recon Hunt Queries
blueteam0ps/Security-Datasets
Re-play Security Events
blueteam0ps/sigma-cli
The Sigma command line interface based on pySigma
blueteam0ps/signature-base
YARA signature and IOC database for my scanners and tools
blueteam0ps/SuperMem
A python script developed to process Windows memory images based on triage type.