Collection of example YARA-L rules for use within Google Security Operations

CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Compliance/Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, …

Open YARA scan- and search engine

No-code multi-agent framework to build LLM Agents, workflows and applications with your data

An implementation of a Windows Event Collector server running on GNU/Linux.

AV/EDR Lab environment setup references to help in Malware development

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.

ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.

A tool for auditing network shares in an Active Directory environment

Remote access and Antivirus Logging Database

Sentinel Logic Apps, Playbooks and Workbooks to automate enrichment, incident analysis and more.

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…

ShellSweeping the evil.

A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID

Collection of Microsoft Identity Threat Detection and Response resources.

An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.

Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

Takajō (鷹匠) is a Hayabusa results analyzer.

know the rules that have changed between 2 Sigma rules folder

This repo contains all my personal Sublime Security detection rules.

A python utility for creating timestamp heatmaps in ploty

Using plotly to perfom data visualization of ransomware leak site data

C2 Active Scanner

An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and security implications

Splunk Docker GitHub Repository

A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.