mrtompa's Stars
splunk/attack_range
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
SuprHackerSteve/Crescendo
Crescendo is a Swift-based, real-time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.
netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
CIRCL/AIL-framework
AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
nshalabi/ATTACK-Tools
Utilities for MITRE™ ATT&CK
williballenthin/INDXParse
Tool suite for inspecting NTFS artifacts.
zacbrown/PowerKrabsEtw
PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.
wesleyraptor/streamingphish
Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network.
rcoh/angle-grinder
Slice and dice logs on the command line
redhuntlabs/RedHunt-OS
Virtual Machine for Adversary Emulation and Threat Hunting
A-mIn3/WINspect
PowerShell-based Windows Security Auditing Toolbox
Mr-Un1k0d3r/PowerLessShell
Run PowerShell command without invoking powershell.exe
alphasoc/flightsim
A utility to safely generate malicious network traffic patterns and evaluate controls.
TonyPhipps/Meerkat
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Srinivas11789/PcapXray
PcapXray - A network forensics tool to visualize a packet capture offline as a network diagram, including device identification, highlighting of important communication, and file extraction
mitre/caldera
Automated Adversary Emulation Platform
TryCatchHCF/DumpsterFire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
redcanaryco/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
endgameinc/RTA
uber-common/metta
An information security preparedness tool to do adversarial simulation.
NextronSystems/APTSimulator
A toolset to make a system look as if it were the victim of an APT attack
guardicore/monkey
Infection Monkey - An open-source adversary emulation platform
olafhartong/sysmon-modular
A repository of sysmon configuration modules
0xrawsec/whids
Open Source EDR for Windows
sans-blue-team/blue-team-wiki
Tools, techniques, cheat sheets, and other resources to assist those defending organizations and detecting adversaries
szimeus/evalyzer
Using WinDBG to tap into JavaScript and help with deobfuscation and browser exploit detection
egaus/MaliciousMacroBot
mgreen27/Invoke-LiveResponse
Invoke-LiveResponse
cisco/joy
A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.
jaegeral/security-apis
A collective list of public APIs for use in security. Contributions welcome