Research repository tracking affected IPs from the Fortigate CVE-2022-40684 configuration leak by Belsen Group

A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.

Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration).

Investigate malicious Windows logon by visualizing and analyzing Windows event log

PowerShell tools to help defenders hunt smarter, hunt harder.

A secure low code honeypot framework, leveraging AI for System Virtualization.

AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses

PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP).

Cowrie SSH/Telnet Honeypot https://docs.cowrie.org/

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Rapidly Search and Hunt through Windows Forensic Artefacts

ShellSweeping the evil.

Defanged Indicator of Compromise (IOC) Extractor.

A curated list of awesome YARA rules, tools, and people.

A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters to share knowledge, collaborate on techniques, and advance t…

A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.

Tool for Active Directory Certificate Services enumeration and abuse

R3D SSH Hunter: The Ultimate SSH Key and Bad Guy Tracker

Search Index Database Reporter

A list of cyber-chef recipes and curated links

ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® version updates into their internal systems and processes.

DFIQ is a collection of investigative questions and the approaches for answering them

A modular vulnerability scanner with automatic report generation capabilities.

Automating the baseline logging settings found here: https://nullsec.us/windows-baseline-logging/

Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

Simple (relatively) things allowing you to dig a bit deeper than usual.