Pinned Repositories
antisyphon_activedefensecyberdeception_jan2022
cloud_practionier
rhce
splunkconf19
splunk .conf 19 notes
mbrownnycnyc's Repositories
mbrownnycnyc/antisyphon_activedefensecyberdeception_jan2022
mbrownnycnyc/old_msi_tools
An old Windows Installer SDK and an old tool by Heath Stewart called msix (https://devblogs.microsoft.com/setup/patch-files-extractor/)
mbrownnycnyc/owa_search_cli
Because Outlook and OWA search suck. Searches a mailbox for email items based on a variety of criteria using the Exchange Web Services Managed API (Exchange Server 2007/2010 and later). Returns interesting fields of, and an OWA link to, each matching mail item.
mbrownnycnyc/keep_on_screener
Replacement for a function of nVidia's driver software nView Desktop that stops windows from spanning screens. Optionally, keeps windows on screen.
mbrownnycnyc/splunkconf19
splunk .conf 19 notes
mbrownnycnyc/cloud_practionier
mbrownnycnyc/rhce
mbrownnycnyc/activecountermeasures_networkthreathuntertraining
notes on: https://www.activecountermeasures.com/network-threat-hunter-training/
mbrownnycnyc/alert_manager
Extended Splunk Alert Manager with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features
mbrownnycnyc/atomic-threat-coverage
Actionable analytics designed to combat threats based on MITRE's ATT&CK.
mbrownnycnyc/ATTACKdatamap
A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
mbrownnycnyc/cka
mbrownnycnyc/CryptoBlocker
A script to deploy File Server Resource Manager and associated scripts to block infected users
mbrownnycnyc/folder_change_watcher
Feed it a folder and it will track changes using a FileSystemWatcher() for you, excluding DfsrPrivate, of course.
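The watcher described above, written out as an added PowerShell example (not the folder_change_watcher repository's own code): it registers a System.IO.FileSystemWatcher on a folder tree, drops any event under a DfsrPrivate directory (DFS Replication's staging area, which changes constantly), and appends the rest to a log. The folder path, the log file, and the logged fields are assumptions chosen for the example.

```powershell
# Added example, not the repository's own code. Paths are assumptions; change them for your environment.
param(
    [string]$Path    = 'D:\Shares\Data',
    [string]$LogFile = 'C:\Logs\folder_changes.log'
)

if (-not (Test-Path -LiteralPath $Path)) { throw "Folder not found: $Path" }

$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path                  = $Path
$watcher.Filter                = '*'
$watcher.IncludeSubdirectories = $true
$watcher.NotifyFilter          = [System.IO.NotifyFilters]'FileName, DirectoryName, LastWrite, Size, Security'
$watcher.InternalBufferSize    = 65536   # the maximum; bursts of changes overflow anything smaller

# One handler for all change types: skip DFSR's private folder, then append a timestamped line.
$action = {
    $fullPath = $Event.SourceEventArgs.FullPath
    if ($fullPath -match '\\DfsrPrivate(\\|$)') { return }   # DfsrPrivate and everything beneath it
    $line = '{0:yyyy-MM-ddTHH:mm:ss.fffK} {1} {2}' -f (Get-Date), $Event.SourceEventArgs.ChangeType, $fullPath
    if ($Event.SourceEventArgs -is [System.IO.RenamedEventArgs]) {
        $line += ' (was ' + $Event.SourceEventArgs.OldFullPath + ')'
    }
    Add-Content -LiteralPath $Event.MessageData -Value $line   # MessageData carries the log path into the action
}

$subs = foreach ($evt in 'Created', 'Changed', 'Deleted', 'Renamed') {
    Register-ObjectEvent -InputObject $watcher -EventName $evt -SourceIdentifier "FolderWatch.$evt" `
        -Action $action -MessageData $LogFile
}

# A buffer overflow raises the Error event; record it so a gap in the log is visible rather than silent.
$subs += Register-ObjectEvent -InputObject $watcher -EventName Error -SourceIdentifier 'FolderWatch.Error' -MessageData $LogFile -Action {
    Add-Content -LiteralPath $Event.MessageData -Value ('{0:o} ERROR watcher fault or buffer overflow; changes may have been missed' -f (Get-Date))
}

$watcher.EnableRaisingEvents = $true
Write-Host "Watching $Path (Ctrl+C to stop); logging to $LogFile"
try {
    # Keep the session alive so the event subscriptions keep running their actions.
    while ($true) { Wait-Event -Timeout 5 | Out-Null }
}
finally {
    $watcher.EnableRaisingEvents = $false
    $subs | ForEach-Object { Unregister-Event -SourceIdentifier $_.Name }
    $watcher.Dispose()
}
```

Run it in a console session that stays open; the actions execute in that session's event loop, so a script that exits immediately would log nothing. The Error handler matters in practice: FileSystemWatcher drops events silently once its buffer fills, and the log should say so rather than pretend the record is complete.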
mbrownnycnyc/hpe3par_pstoolkit
PowerShell Toolkit for HPE Primera and 3PAR supports PowerShell cmdlets, which are wrappers around the native HPE Primera and 3PAR storage CLI commands and Web Services APIs (WSAPI)
mbrownnycnyc/LAPSImplementationGuide
This is a Microsoft LAPS (Local Administrator Password Solution) implementation guide I wrote in 2015. It might be out of date and is chock-full-o' kludgy powershell... definitely not my best work (I mean, no custom objects! c'mon!)
mbrownnycnyc/MalwLess
Test Blue Team detections without running any attack.
mbrownnycnyc/nistnotes
Notes on NIST papers
mbrownnycnyc/Opensource-Endpoint-Monitoring
This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
mbrownnycnyc/PowerMemory
Exploit the credentials present in files and memory
mbrownnycnyc/rhcsa
mbrownnycnyc/Splunk-App-for-Microsoft-System-Center-Configuration-Manager-SCCM-
mbrownnycnyc/splunk-jupyter
Analyse your Splunk data from a Jupyter Notebook, as a Pandas Dataframe.
mbrownnycnyc/splunk-sccm
Splunk App for Microsoft SCCM
mbrownnycnyc/TA-DSRemove
Splunk app used to remove a local configuration of deploymentserver.conf in favor of using an app deployed from the deployment server
mbrownnycnyc/TA-latmov
Splunk Security Addon for lateral movement detection
mbrownnycnyc/TA-Sysmon-deploy
Deploy and maintain Sysmon through the Splunk Deployment Server
mbrownnycnyc/terraform-aws-kinesis-firehose-splunk
This code creates/configures a Kinesis Firehose in AWS to send CloudWatch log data to Splunk.
mbrownnycnyc/underthewirenotes
mbrownnycnyc/Windows-Exploit-Suggester
This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if public exploits and Metasploit modules are available for the missing bulletins.