rainysexy's Repositories
rainysexy/AggressorScripts
Aggressor scripts for use with Cobalt Strike 3.0+
rainysexy/APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs to reduce the time needed to uncover suspicious activity.
rainysexy/ARTHIR
ATT&CK Remote Threat Hunting Incident Response
rainysexy/auditd
Best Practice Auditd Configuration
rainysexy/cobalt-arsenal
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
rainysexy/Demos
Repo Filled With Follow Along Guides
rainysexy/DetectionLabELK
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
rainysexy/elastic_stack
rainysexy/elasticsearch
Free and Open, Distributed, RESTful Search Engine
rainysexy/elk-course-samples
Sample data for the ELK course
rainysexy/Event-Forwarding-Guidance
Configuration guidance for implementing collection of security-relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
rainysexy/GPO-Template-Import-APT06202001
Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020
rainysexy/HELK
The Hunting ELK
rainysexy/Install-Splunk-on-Ubuntu-Using-.DEB-file
rainysexy/Install-Sysmon-powershell
PowerShell script to install Sysmon from a configuration file
rainysexy/logstash-1
rainysexy/logstash-input-plugins
rainysexy/Microsoft-Extractor-Suite
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
rainysexy/NXLog-AutoConfig
rainysexy/osquery-attck
Mapping the MITRE ATT&CK Matrix with Osquery
rainysexy/osquery-configuration
A repository for using osquery for incident detection and response
rainysexy/osquery-pack-query
SQL powered operating system instrumentation, monitoring, and analytics.
rainysexy/sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
rainysexy/sysmon-modular
A repository of sysmon configuration modules
rainysexy/SysmonSimulator
Sysmon event simulation utility that can be used to simulate attacks and generate Sysmon event logs for testing EDR detections and correlation rules by blue teams.
rainysexy/Ubuntu-Linux---Disable-THP-and-Increase-Ulimits
rainysexy/Wazuh
rainysexy/wazuh-1
rainysexy/Wazuh-Rules
Advanced Wazuh Rules for more accurate threat detection. Feel free to implement within your own Wazuh environment, contribute, or fork!
rainysexy/windows-event-forwarding
A repository for using Windows Event Forwarding for incident detection and response