Pinned Repositories
800-63-3
Home to public development of draft Special Publication 800-63-3: Digital Authentication Guidelines
actortrackr
Home to the ActorTrackr source code
Aftertale
ApiV2
Version 2 of the ThreatCrowd API
APTnotes
Various public documents, whitepapers and articles about APT campaigns
aquatone
A Tool for Domain Flyovers
artifacts
Digital Forensics Artifact Repository
attack-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
awesome
Curated list of awesome lists
awesome-markdown
A collection of awesome markdown goodies (libraries, services, editors, tools, cheatsheets, etc.)
dfirgeek's Repositories
dfirgeek/dll-hijacking-poc
A quick PoC on how to embed a Meterpreter payload in Firefox via DLL hijacking
dfirgeek/sqhunter
A simple threat hunting tool based on osquery, Salt Open and Cymon API
dfirgeek/q
q - Run SQL directly on CSV or TSV files
dfirgeek/actortrackr
Home to the ActorTrackr source code
dfirgeek/SecLists
SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
dfirgeek/sigma
Generic Signature Format for SIEM Systems
dfirgeek/ThreatHunter-Playbook
A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
dfirgeek/signature-base
Signature base for my scanner tools
dfirgeek/mimipenguin
A tool to dump the login password of the current Linux user
dfirgeek/Aftertale
dfirgeek/SIMP
A system automation and configuration management stack targeted toward operational flexibility and policy compliance.
dfirgeek/Nooscope
This program creates the Nooscope class to pull a Top Level Domain (TLD) report for a given domain/IP
dfirgeek/Groom-Porter
Simple script to do some quality control and pull metrics from YARA files.
dfirgeek/Detections
dfirgeek/Empire
Empire is a PowerShell and Python post-exploitation agent.
dfirgeek/ostip
dfirgeek/ThreatPinchLookup
Documentation and Sharing Repository for ThreatPinch Lookup Chrome Extension
dfirgeek/DidierStevensSuite
Please no pull requests for this repository. Thanks!
dfirgeek/dnscache
Volatility memory forensics plugin for extracting Windows DNS Cache
dfirgeek/dirsearch
Web path scanner
dfirgeek/CrowdFMS
CrowdStrike Feed Management System
dfirgeek/pytan
Python Wrapper for Tanium's SOAP API
dfirgeek/crouton
Chromium OS Universal Chroot Environment
dfirgeek/imagemounter
Command line utility and Python package to ease the (un)mounting of forensic disk images
dfirgeek/hexchat
GTK+ IRC client
dfirgeek/snort-faq
Snort FAQ
dfirgeek/wordlist-medicalterms-en
Dictionary of English medical terms for LibreOffice/OpenOffice/Android/Word
dfirgeek/ThreatHunting
An informational repo about hunting for adversaries in your IT environment.
dfirgeek/volatility
An advanced memory forensics framework
dfirgeek/MISP
MISP - Malware Information Sharing Platform & Threat Sharing