A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

Microsoft Sentinel SOC Operations

Deploy and maintain Symon through the Splunk Deployment Sever

Malware Sample Sources

Consolidation of various resources related to Microsoft Sysmon & sample data/log

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

This repository contains tools used by 401trg.

Pushes Sysmon Configs

recon-ng modules for Censys

PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting

Tracking APT IOCs

Signatures and IoCs from public Volexity blog posts.

Capture passwords of login attempts on non-existent and disabled accounts.

Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact))..

the fastest way to consume threat intelligence.

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.