sbousseaden

Threat Hunting & DFIR

Pinned Repositories

APT_Digital_Weapon
Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
5 1 00
EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
Language:HTML2.1k 144 11392
evtx2es
Import Windows Eventlogs(.evtx) to ElasticSearch.
Language:Python4 1 00
injection-1
Windows process injection methods
Language:C12 1 06
macOS-ATTACK-DATASET
JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.
151 11 223
mail-security-tester
A testing framework for mail security and filtering solutions.
Language:Python8 1 02
PCAP-ATTACK
PCAP Samples for Different Post Exploitation Techniques
338 27 172
shad0w
A post exploitation framework designed to operate covertly on heavily monitored enviroments
Language:C6 1 00
Slides
Misc Threat Hunting Resources
363 33 059
YaraHunts
Random hunting ordiented yara rules
Language:YARA95 11 023

sbousseaden's Repositories

sbousseaden/EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
Language:HTML2.1k 144 11392
sbousseaden/Slides
Misc Threat Hunting Resources
363 33 059
sbousseaden/PCAP-ATTACK
PCAP Samples for Different Post Exploitation Techniques
338 27 172
sbousseaden/macOS-ATTACK-DATASET
JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.
151 11 223
sbousseaden/YaraHunts
Random hunting ordiented yara rules
Language:YARA95 11 023
sbousseaden/shad0w
A post exploitation framework designed to operate covertly on heavily monitored enviroments
Language:C6 1 00
sbousseaden/APT_Digital_Weapon
Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
5 1 00
sbousseaden/Adama
Searches For Threat Hunting and Security Analytics
3 1 03
sbousseaden/PythonForWindows
A codebase aimed to make interaction with Windows and native execution easier
Language:Python3 1 01
sbousseaden/OffensiveVBA
This repo covers some code execution and AV Evasion methods for Macros in Office documents
Language:VBA2 1 04
sbousseaden/Windows-Kernel-Explorer
A free but powerful Windows kernel research tool.
2 1 01
sbousseaden/eqllib
Language:Python1 1 01
sbousseaden/ExchangeLogCollector
Exchange Log Collection Script
Language:PowerShell1 1 0
sbousseaden/HyperDbg
The Source Code of HyperDbg Debugger 🐞
Language:C1 1 01
sbousseaden/injectAllTheThings
Seven different DLL injection techniques in one single project.
Language:C1 1 01
sbousseaden/ioc-scanner-CVE-2019-19781
Indicator of Compromise Scanner for CVE-2019-19781
Language:Shell1 1 0
sbousseaden/LinEnum
Scripted Local Linux Enumeration & Privilege Escalation Checks
Language:Shell1 2 0
sbousseaden/malware-ioc
Indicators of Compromises (IOC) of our various investigations
Language:YARA1 1 0
sbousseaden/Revoke-Obfuscation
PowerShell Obfuscation Detection Framework
Language:PowerShell1 1 0
sbousseaden/sigma
Generic Signature Format for SIEM Systems
Language:Python1 2 0
sbousseaden/webshell
This is a webshell open source project
Language:PHP1 1 01
sbousseaden/Windows-classic-samples
This repo contains samples that demonstrate the API used in Windows classic desktop applications.
1 1 01
sbousseaden/CVE-2020-0688_EXP
CVE-2020-0688_EXP Auto trigger payload & encrypt method
Language:Python1 01
sbousseaden/CVE-2020-0796-PoC
PoC for triggering buffer overflow via CVE-2020-0796
Language:Python1 0
sbousseaden/detection-rules
Rules for Elastic Security's detection engine
sbousseaden/fastir_artifacts
Live forensic artifacts collector
Language:Python1 0
sbousseaden/mbc-markdown
MBC content in markdown
1 0
sbousseaden/protections-artifacts
Elastic Security detection content for Endpoint
Language:YARA1 0
sbousseaden/WindowsProtocolTestSuites
Windows Protocol Test Suites provide interoperability testing against an implementation of the Windows open specifications.
Language:C#1 0
sbousseaden/ysoserial.net
Deserialization payload generator for a variety of .NET formatters
Language:C#1 0