elhoim's Stars
HotCakeX/Harden-Windows-Security
Harden Windows Safely, Securely using Officially Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
cyb3rmik3/KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
splunk/docker-splunk
Splunk Docker GitHub Repository
factionsecurity/faction
Pen Test Report Generation and Assessment Collaboration
LearningKijo/SecurityResearcher-Note
Cover various security approaches to attack techniques and also provides new discoveries about security breaches.
LearningKijo/KQL
Threat Hunting queries in Microsoft 365 Defender, XDR. Provides out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
evild3ad/Microsoft-Analyzer-Suite
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
jatrost/awesome-detection-rules
This is a collection of threat detection rules / rules engines that I have come across.
KQLMSPress/definitive-guide-kql
Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL
Devolutions/MsRdpEx
Microsoft RDP Client Extensions
BushidoUK/CTI-Analyst-Challenge
An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.
splunk/ShellSweep
ShellSweeping the evil.
adanalvarez/TrailDiscover
An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and security implications
mgreen27/DetectRaptor
A repository to share publicly available Velociraptor detection content
LivingInSyn/RMML
A list of RMMs designed to be used in automation to build alerts
Yamato-Security/takajo
Takajō (鷹匠) is a Hayabusa results analyzer.
Bert-JanP/Sentinel-Automation
Sentinel Logic Apps/Playbooks to automate enrichment, incident analysis and more.
jischell-msft/RemoteManagementMonitoringTools
Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
c2links/NoWhere2Hide
C2 Active Scanner
Ruler-Project/ruler-project
Remote access and Antivirus Logging Database
dionach/ShareAudit
A tool for auditing network shares in an Active Directory environment
solidarity-labs/dredge-mvp
nicolonsky/ITDR
Collection of Microsoft Identity Threat Detection and Response resources.
lkarlslund/adalanche-sampledata
Explore the GOAD Active Directory lab in 5 minutes with Adalanche
cyb3rmik3/Hunting-Lists
A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.
colincowie/LeakSiteAnalytics
Using plotly to perform data visualization of ransomware leak site data
colincowie/Timestamp-HeatMap
A Python utility for creating timestamp heatmaps in plotly
padey/Sublime-Detection-Rules
This repo contains all my personal Sublime Security detection rules.
Derekt2/InfraFinder
Finds shared attributes across multiple IP addresses by querying Censys
frack113/SigmaDiff
Know the rules that have changed between 2 Sigma rules folders