Pinned Repositories
AaronLocker
Robust and practical application whitelisting for Windows
adb
Adaptive Document Builder
ansible-splunk-playbook
Install a full Splunk Enterprise Cluster or Universal forwarder using an ansible playbook
ARTHIR
ATT&CK Remote Threat Hunting Incident Response
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
awesome-threat-detection
A curated list of awesome threat detection and hunting resources
awesome-windows-domain-hardening
A curated list of awesome Security Hardening techniques for Windows.
guacamole-docker-compose
Guacamole with docker-compose using PostgreSQL, nginx with SSL (self-signed)
threathunting-spl
Splunk code (SPL) for serious threat hunters and detection engineers.
medtemo's Repositories
medtemo/guacamole-docker-compose
Guacamole with docker-compose using PostgreSQL, nginx with SSL (self-signed)
medtemo/threathunting-spl
Splunk code (SPL) for serious threat hunters and detection engineers.
medtemo/ansible-splunk-playbook
Install a full Splunk Enterprise Cluster or Universal forwarder using an ansible playbook
medtemo/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
medtemo/awesome-threat-detection
A curated list of awesome threat detection and hunting resources
medtemo/chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
medtemo/CyberThreatHunting
A collection of resources for Threat Hunters
medtemo/DFIRMindMaps
A repository of DFIR-related Mind Maps geared towards the visual learners!
medtemo/Event-Forwarding-Guidance
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
medtemo/EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
medtemo/EVTX-to-MITRE-Attack
Set of EVTX samples (>170) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
medtemo/hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
medtemo/Incident-Response-with-Threat-Intelligence
Incident Response with Threat Intelligence, published by Packt
medtemo/Kansa
A Powershell incident response framework
medtemo/koadic
Koadic C3 COM Command & Control - JScript RAT
medtemo/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
medtemo/malware-persistence
Collection of malware persistence and hunting information. Be a persistent persistence hunter!
medtemo/Microsoft-eventlog-mindmap
Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
medtemo/osctrl
Fast and efficient osquery management
medtemo/osq-ext-bin
Extension to osquery windows that enhances it with real-time telemetry, log monitoring and other endpoint data collection
medtemo/OSSEM-DM
OSSEM Detection Model
medtemo/PSGumshoe
medtemo/RedTeam-Tactics-and-Techniques
Red Teaming Tactics and Techniques
medtemo/Security-Datasets
Re-play Security Events
medtemo/SIEM
SIEM Tactics, Techniques, and Procedures
medtemo/sysmon-modular
A repository of sysmon configuration modules
medtemo/VBoxHardenedLoader
VirtualBox VM detection mitigation loader
medtemo/VmwareHardenedLoader
Vmware Hardened VM detection mitigation loader (anti anti-vm)
medtemo/WECComputerGroupMgmt
medtemo/windows_event_logging
Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.