jsecurity101

Windows Internals Research and Telemetry Identification

@preludeorgUSA

Pinned Repositories

ETWInspector
Language:C++151 3 016
JonMon
Language:C155 4 025
jsecurity101
14 5 01
LDAPMon
Language:C++43 4 03
Marvel-Lab
A collection of Powershell scripts that will help automate the build process for a Marvel domain.
Language:PowerShell142 9 1420
MSRPC-to-ATTACK
A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
305 10 040
PowerParse
PowerShell PE Parser
Language:PowerShell61 3 14
RandomPOCs
Repo that holds random POCs
Language:C++44 4 16
TelemetrySource
216 9 017
Windows-API-To-Sysmon-Events
A repository that maps API calls to Sysmon Event ID's.
116 12 019

jsecurity101's Repositories

jsecurity101/MSRPC-to-ATTACK
A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
305 10 040
jsecurity101/TelemetrySource
216 9 017
jsecurity101/JonMon
Language:C155 4 025
jsecurity101/ETWInspector
Language:C++151 3 016
jsecurity101/Marvel-Lab
A collection of Powershell scripts that will help automate the build process for a Marvel domain.
Language:PowerShell142 9 1420
jsecurity101/Windows-API-To-Sysmon-Events
A repository that maps API calls to Sysmon Event ID's.
116 12 019
jsecurity101/PowerParse
PowerShell PE Parser
Language:PowerShell61 3 14
jsecurity101/RandomPOCs
Repo that holds random POCs
Language:C++44 4 16
jsecurity101/LDAPMon
Language:C++43 4 03
jsecurity101/MSFT_DriverBlockList
Repository of Microsoft Driver Block Lists based off of OS-builds
38 3 06
jsecurity101/Detecting-Process-Injection-Techniques
This is a repository that is meant to hold detections for various process injection techniques.
Language:Jupyter Notebook33 6 010
jsecurity101/Automated-Detection-Pipeline
Language:Jupyter Notebook15 3 02
jsecurity101/jsecurity101
14 5 01
jsecurity101/Import-Marvel
Powershell script and CSV file that allows you to import marvel characters into Active Directory
Language:PowerShell9 3 04
jsecurity101/Presentations
7 2 01
jsecurity101/ProcCallback
An example of how a driver can register a handle creation callback.
Language:C++7 3 01
jsecurity101/IPC-Mechanisms
2 3 0
jsecurity101/practical-python
Practical Python Programming (course by @dabeaz)
Language:Python2 2 0
jsecurity101/PSReflect-Functions
Module to provide PowerShell functions that abstract Win32 API functions
Language:PowerShell2 2 0
jsecurity101/sysmon-modular
A repository of sysmon configuration modules
Language:PowerShell2 2 0
jsecurity101/WinDbg-Scripts
Repository that holds WinDbg scripts that I have created to help with various tasks.
Language:JavaScript2 3 01
jsecurity101/WonkaVision
Language:C#2 2 0
jsecurity101/AbstractionMaps
1 2 0
jsecurity101/AtomicTestHarnesses
Public Repo for Atomic Test Harness
Language:PowerShell1 2 01
jsecurity101/jsecurity101.github.io
Jekyll-Uno - a minimal, responsive theme for Jekyll based on Uno for Ghost
Language:SCSS1 2 0
jsecurity101/processhacker
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
Language:C1 2 0
jsecurity101/Seatbelt
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
Language:C#1 2 0
jsecurity101/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Language:PowerShell2 0
jsecurity101/attack-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
Language:TypeScript2 0
jsecurity101/function-call-stacks
2 0