rainysexy

Pinned Repositories

AggressorScripts
Aggressor scripts for use with Cobalt Strike 3.0+
00
APT-Hunter
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
Language:Python00
ARTHIR
ATT&CK Remote Threat Hunting Incident Response
Language:PowerShell00
auditd
Best Practice Auditd Configuration
00
cobalt-arsenal
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
Language:PowerShell00
Demos
Repo Filled With Follow Along Guides
Language:Shell00
DetectionLabELK
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Language:PowerShell00
elastic_stack
Language:Shell00
elasticsearch
Free and Open, Distributed, RESTful Search Engine
Language:Java00

rainysexy's Repositories

rainysexy/AggressorScripts
Aggressor scripts for use with Cobalt Strike 3.0+
00
rainysexy/APT-Hunter
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
Language:Python00
rainysexy/ARTHIR
ATT&CK Remote Threat Hunting Incident Response
Language:PowerShell00
rainysexy/auditd
Best Practice Auditd Configuration
00
rainysexy/cobalt-arsenal
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
Language:PowerShell00
rainysexy/Demos
Repo Filled With Follow Along Guides
Language:Shell00
rainysexy/DetectionLabELK
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Language:PowerShell00
rainysexy/elastic_stack
Language:Shell00
rainysexy/elasticsearch
Free and Open, Distributed, RESTful Search Engine
Language:Java00
rainysexy/elk-course-samples
Sample data for the ELK course
rainysexy/Event-Forwarding-Guidance
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
rainysexy/GPO-Template-Import-APT06202001
Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020
rainysexy/HELK
The Hunting ELK
rainysexy/Install-Splunk-on-Ubuntu-Using-.DEB-file
rainysexy/Install-Sysmon-powershell
Powershell Script to Install Sysmon from configuration file
rainysexy/logstash-1
rainysexy/logstash-input-plugins
rainysexy/Microsoft-Extractor-Suite
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
rainysexy/NXLog-AutoConfig
rainysexy/osquery-attck
Mapping the MITRE ATT&CK Matrix with Osquery
rainysexy/osquery-configuration
A repository for using osquery for incident detection and response
rainysexy/osquery-pack-query
SQL powered operating system instrumentation, monitoring, and analytics.
rainysexy/sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
rainysexy/sysmon-modular
A repository of sysmon configuration modules
rainysexy/SysmonSimulator
Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.
rainysexy/Ubuntu-Linux---Disable-THP-and-Increase-Ulimits
rainysexy/Wazuh
rainysexy/wazuh-1
rainysexy/Wazuh-Rules
Advanced Wazuh Rules for more accurate threat detection. Feel free to implement within your own Wazuh environment, contribute, or fork!
rainysexy/windows-event-forwarding
A repository for using windows event forwarding for incident detection and response