
tvfischer / ps-srum-hunting

License: MPL-2.0
PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting


Projects that are alternatives of or similar to ps-srum-hunting

Azure-Sentinel-4-SecOps
Microsoft Sentinel SOC Operations
Stars: ✭ 140 (+775%)
Mutual labels:  threat-hunting, ir
SysmonResources
Consolidation of various resources related to Microsoft Sysmon & sample data/log
Stars: ✭ 64 (+300%)
Mutual labels:  threat-hunting
Yara Rules
A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Stars: ✭ 206 (+1187.5%)
Mutual labels:  threat-hunting
mail to misp
Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Stars: ✭ 61 (+281.25%)
Mutual labels:  threat-hunting
Threat Hunting
Personal compilation of APT malware from whitepaper releases, documents and own research
Stars: ✭ 219 (+1268.75%)
Mutual labels:  threat-hunting
utilities
This repository contains tools used by 401trg.
Stars: ✭ 19 (+18.75%)
Mutual labels:  threat-hunting
Adaz
🔧 Automatically deploy customizable Active Directory labs in Azure
Stars: ✭ 197 (+1131.25%)
Mutual labels:  threat-hunting
csirtg-smrt-v1
the fastest way to consume threat intelligence.
Stars: ✭ 27 (+68.75%)
Mutual labels:  threat-hunting
DomainCAT
Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Stars: ✭ 34 (+112.5%)
Mutual labels:  threat-hunting
evtx-hunter
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Stars: ✭ 122 (+662.5%)
Mutual labels:  threat-hunting
Threat Intel
Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).
Stars: ✭ 252 (+1475%)
Mutual labels:  threat-hunting
Osweep
Don't Just Search OSINT. Sweep It.
Stars: ✭ 225 (+1306.25%)
Mutual labels:  threat-hunting
Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+1656.25%)
Mutual labels:  threat-hunting
Werdlists
⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Stars: ✭ 216 (+1250%)
Mutual labels:  threat-hunting
yair
🦜 yair - a high-level compiler IR entirely written in Rust
Stars: ✭ 34 (+112.5%)
Mutual labels:  ir
Slides
Misc Threat Hunting Resources
Stars: ✭ 203 (+1168.75%)
Mutual labels:  threat-hunting
Mihari
A helper to run OSINT queries & manage results continuously
Stars: ✭ 239 (+1393.75%)
Mutual labels:  threat-hunting
Judge-Jury-and-Executable
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (+312.5%)
Mutual labels:  threat-hunting
ThreatIntelligence
Tracking APT IOCs
Stars: ✭ 23 (+43.75%)
Mutual labels:  threat-hunting
thremulation-station
Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.
Stars: ✭ 28 (+75%)
Mutual labels:  threat-hunting

ps-srum-hunting - a PowerShell Threat Hunting Script Repository

PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and to initiate simple investigation or use as a potential threat hunting tool.

NOTE-1: This Repository is currently under development and is being shared to get as much input as possible on feature sets and directions.

NOTE-2: This is currently raw material and requires a lot of TLC, which will come.

Repository Task List

The following activities still need processing and completion.

  • Fix get table rows to process information in SruDbIdMapTable, need a separate function
  • Build script to merge SruDBID references into other table data extracts
  • Pull registry information
  • Build a module for SRUM
  • ???

References, inspirations and useful connections

Following is a list of references and inspirations as well as other projects that have helped guide the work for this project.

Title | Author | Link
SRUM forensics | Yogesh Khatri | https://www.sans.org/summit-archives/file/summit-archive-1492184583.pdf
srum-dump | Mark Baggett | https://github.com/MarkBaggett/srum-dump
Extensible Storage Engine (ESE) Database File (EDB) format | Joachim Metz | https://github.com/libyal/libesedb
System Resource Usage Monitor (SRUM) database | Joachim Metz | https://github.com/libyal/esedb-kb/blob/master/documentation/System%20Resource%20Usage%20Monitor%20(SRUM).asciidoc
Extensible Storage Engine (ESE) Cmdlets | BAMCIS Networks | https://github.com/bamcisnetworks/ESENT