nasbench
Detection Engineering | Threat Hunting | Malware Analysis | Windows Internals | DFIR
@NextronSystems @SigmaHQ @magicsword-ioHAL
nasbench's Stars
Ciphey/Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Neo23x0/signature-base
YARA signature and IOC database for my scanners and tools
Purp1eW0lf/Blue-Team-Notes
You didn't think I'd go and leave the blue team out, right?
nshalabi/SysmonTools
Utilities for Sysmon
tsale/EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
magicsword-io/LOLDrivers
Living Off The Land Drivers
ethereal-vx/Antivirus-Artifacts
Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
wietze/HijackLibs
Project for tracking publicly disclosed DLL Hijacking opportunities.
vu-ls/Crassus
persistence-info/persistence-info.github.io
api0cradle/CVE-2023-23397-POC-Powershell
Digital-Forensics-Discord-Server/TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts
The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out there, get a publication on their resume with an actual ISBN number, and ideally lower the bar for people to contribute something back to the DFIR Community. Want to write a chapter? Let me know and let's make it happen!
CFandR-github/PHP-binary-bugs
PHP binary bugs advisory
AndrewRathbun/Awesome-KAPE
A curated list of KAPE-related resources
jsecurity101/Windows-API-To-Sysmon-Events
A repository that maps API calls to Sysmon Event IDs.
moaistory/WinSearchDBAnalyzer
http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html
SigmaHQ/sigma-specification
Sigma rule specification
center-for-threat-informed-defense/attack-powered-suit
ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, context menus, and ATT&CK Navigator integration.
NextronSystems/CyberChef
CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition
microsoft/component-object-model-sample
Sample code for Component Object Model (COM) setup and registration.
woanware/etw-event-dumper
RomaissaAdjailia/Get-AppLockerEventlog
This is a repo for fetching AppLocker event logs by parsing the Windows event log
SigmaHQ/pySigma-backend-splunk
pySigma Splunk backend
RomaissaAdjailia/MindMaps
g-les/Misc
Random things for my own reference
nasbench/Awesome-Detection-Engineering
Resources and Discussions About Detection Engineering
ch33r10/DEFCON30-BTV-TheDFIRReportHomecomingParadePanel
BTV PANEL FOR D3FC0N HACKER HOMECOMING https://dc30.blueteamvillage.org/call-for-content-2022/talk/SWJTX9/
Cyb3rWard0g/SnorlaxSvc
A service that just sleeps.
pH-T/automon
Sysmon installation wrapper
RomaissaAdjailia/NISTIR-8374-Ransomware