This is your work, valued
Coding mostly for threat hunting, threat intelligence, and detection engineering.
EDR-Telemetry. This project aims to compare and evaluate the telemetry of various EDR products.
2kTeleTracker. TeleTracker is a simple set of Python scripts designed for anyone investigating Telegram channels. It helps you send messages quickly and gather useful channel information easily.
535awesome-dfir-skills. A curated collection of DFIR skills and workflows for InfoSec practitioners.
320translated_conti_leaked_comms. Leaked communication of Conti ransomware group from Jan 29, 2021 to Feb 27, 2022
135Sigma_rules. Sigma rules to share with the community
126EDR-Telemetry-Website. JavaScript
76BlueSploit. BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review.
33Intrusion_data. This repository is created to store the artifacts for any intrusions I share publicly.
26Threat-Intelligence-Playbooks. High-level Threat Intelligence playbooks
21TA_tooling.
10Rita-zeek_analysis. Script to install rita and zeek and then analyze related logs
10ThreatStream-API-Intelligence-calls. This script allows you to query any intelligence from your ThreatStream TIP using their RESTful API.
5Kostas_Yara-Rules. IR yara rules
4Active-Directory-Exploitation-Cheat-Sheet. A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
4awesome-incident-response. A curated list of tools for incident response
3MITRE_ATT-CK-navigator-JSON-to-HTML. HTML
2AWS_instances_automation. Python
2sigma. Generic Signature Format for SIEM Systems
2atomic-red-team. Small and highly portable detection tests based on MITRE's ATT&CK.
1templates. Document templates for open-source projects (README, CONTRIBUTING, GitHub templates)
1PyIntelOwl-Parser. This is a "plugin" colourful parser for PyIntelOwl. It takes the JSON results and parsing them in a colourful, easy to read way.
1SSH-task-automation. Python
1pyintelowl. Simple Client for Intel Owl
1