Pinned Repositories
emotet-malware-killer
exploitguard
Documentation and supporting script sample for Windows Exploit Guard
nexusplayer
Advanced Nexus Player Kernel
osquery-configuration
A repository for using osquery for incident detection and response
sentinel-attack
Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework
sysmon-config
Advanced Sysmon ATT&CK configuration focused on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic-artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk-scoring CVE, UEBA, forensic, and MITRE ATT&CK events.
sysmon-edr
Sysmon EDR proof of concept built in PowerShell to demonstrate that the approach is feasible.
Unleashed-N4
Ultimate Unleashed: advanced bleeding-edge kernel for the Nexus 4.
Windows-Hunting
YaraRules
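The sysmon-config entry above describes a Sysmon configuration whose rules are organized around MITRE ATT&CK technique coverage. The fragment below is an added example, not a file from the ion-storm repository: it shows the mechanism such a configuration relies on, namely that the `name` attribute on a Sysmon filter rule is emitted in the event's `RuleName` field, so a technique id and name can be carried on every matching event and used downstream for per-technique hunting or scoring. The `technique_id=...,technique_name=...` tag format, the specific rules, and the schema version are assumptions for illustration; the schema version must match the installed Sysmon binary (check with `sysmon -s`).

```xml
<Sysmon schemaversion="4.30">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <!-- Include group: only process-creation events matching one of these rules are logged.
         The name attribute is surfaced in the event as RuleName, which is what lets a SIEM
         group, count, or score events by MITRE technique without re-parsing command lines.
         Tag format (technique_id=...,technique_name=...) is an assumed convention. -->
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="include">
        <Image name="technique_id=T1059.001,technique_name=PowerShell" condition="end with">powershell.exe</Image>
        <CommandLine name="technique_id=T1059.001,technique_name=PowerShell" condition="contains">-EncodedCommand</CommandLine>
        <Image name="technique_id=T1047,technique_name=Windows Management Instrumentation" condition="end with">wmic.exe</Image>
        <ParentImage name="technique_id=T1566.001,technique_name=Spearphishing Attachment" condition="end with">WINWORD.EXE</ParentImage>
        <Image name="technique_id=T1003.001,technique_name=LSASS Memory" condition="end with">procdump.exe</Image>
      </ProcessCreate>
    </RuleGroup>
    <!-- Exclude group: Sysmon evaluates excludes before includes, so a match here suppresses the
         event even if an include rule would have fired. Use it for known-benign noise only. -->
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\Windows\System32\svchost.exe</Image>
      </ProcessCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Two caveats a practitioner should keep in mind when building out a config like this: once any `include` rule exists for an event type, every event of that type that matches no include rule is dropped, so coverage gaps are silent; and `exclude` rules win over `include` rules, so an overly broad exclusion (for example on a parent image an attacker can spawn from) removes the technique-tagged events you were counting on.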
ion-storm's Repositories
ion-storm/sysmon-config
Advanced Sysmon ATT&CK configuration focused on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic-artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk-scoring CVE, UEBA, forensic, and MITRE ATT&CK events.
ion-storm/sysmon-edr
Sysmon EDR proof of concept built in PowerShell to demonstrate that the approach is feasible.
ion-storm/emotet-malware-killer
ion-storm/YaraRules
ion-storm/exploitguard
Documentation and supporting script sample for Windows Exploit Guard
ion-storm/cti
Cyber Threat Intelligence Repository expressed in STIX 2.0
ion-storm/free-tools
ion-storm/SysmonCommon
The common parts of the Sysinternals Sysmon tool shared between the Windows and Linux versions.
ion-storm/ace-proctree
Create a cool process tree like https://twitter.com/ACEResponder.
ion-storm/BlueHound
ion-storm/ConfluentCyberDemo
Analyze Zeek IDS data with ksqlDB running on Confluent Platform via Docker on your laptop. Or spin up an arbitrary number of AWS hosts, each running Confluent Platform and ksqlDB for use in an instructor-led workshop.
ion-storm/cp-siem
A dockerized demo for illustrating how Confluent can be used in a SIEM Modernization use case.
ion-storm/cyber
ion-storm/DropNet
A tool that closes network connections automatically based on the parameters given to it.
ion-storm/falcon-query-assets
Welcome to the Falcon Query Assets GitHub page.
ion-storm/grafana
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
ion-storm/Graylog-Okta
An integration for Graylog and Okta
ion-storm/humio-fdr-utils
Package to help around crowdstrike/fdr data
ion-storm/k8s-go-sigma-streamer
Repo for project GoAhead talk at ShmooCon 2022
ion-storm/kafka-sigma-streams
ion-storm/ksql-extras
UDF/UDAFs for KSQL and example Queries.
ion-storm/o365beat
Elastic Beat for fetching and shipping Office 365 audit events
ion-storm/ProcessBouncer
ProcessBouncer is a PoC for blocking malware with a process-based approach. With a little fine-tuning it can effectively block most current ransomware.
ion-storm/PS-SentinelOne
PowerShell module for SentinelOne API
ion-storm/restore-archive-for-splunk
ion-storm/security_monitoring
ion-storm/SentinelOne-ATTACK-Queries
MITRE ATT&CK mapped queries for SentinelOne Deep Visibility
ion-storm/sentinelone-queries
Repository of SentinelOne Deep Visibility queries.
ion-storm/sigma
Generic Signature Format for SIEM Systems
ion-storm/solutions-terraform-jenkins-gitops
Demonstrates the use of Jenkins and Terraform to manage Infrastructure as Code using GitOps practices