VP Labs, Threat Research & Intelligence at Arctic Wolf, GSE #132, SANS Author & Senior Instructor, Creator of Think Red. ActBlue. Founder of The Monday Brief
blueteam_homelabs. Great List of Resources to Build an Enterprise Grade Home Lab
937rastrea2r. Collecting & Hunting for IOCs with gusto and style
118Bro-samples. Network Forensics Bro scripts & pcap samples
63jupyter-notebooks. My Jupyter Notebooks
37Talks-and-Presentations. Slides and Other Resources from my latest Talks and Presentations
24Audit_Host-Baseline. A set of Bash scripts that allows you to repeatably collect and compare baseline audit data from Linux and Windows systems
20malware-samples. Source code, or code snippets of samples found while doing research, when available (no binaries).
8container-attack-navigator. MITRE ATT&CK Navigator in a Docker Container
6ThreatHunter-Playbook. A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
5BAYA. Automated Extraction & Analysis of Valuable Security Data Elements
5attack-navigator-4.1. MITRE ATT&CK Navigator 4.1
5Incident-Response. PowerShell
5IR-Scripts. A set of scripts useful in Incident Response
4theZoo. A repository of LIVE malwares for your own joy and pleasure
4TheHiveDocs. Documentation of TheHive
3rsac2025. AI, Automation, & Threat Modeling: Lessons Learned from Hacking the Planet
3Hacme-Dogs. Learn basic fuzzing and explotation techniques with a simple network listener vulnerable to a stack based overflow written in C
3bro-scripts. Various Zeek (Bro) NSM scripts
3CyLR. CyLR - Live Response Collection Tool
2maltrail. Malicious traffic detection system
2FIR. Fast Incident Response
2passivedns. A network sniffer that logs all DNS server replies for use in a passive DNS setup
1sysmon-config. Sysmon configuration file template with default high-quality event tracing
1ip-reputation. Python
1Incident-Playbook. GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
1tyrellgrid. Enter the Tyrell Grid
1SiteParser. Proof of concept tool to get JavaScript and analyze it for evil
1OpenCNA. OpenCNA (Collection & Normalization & Analysis)
1dettect. DeTTECT Dockerfile
1nishang. Nishang - PowerShell for penetration testing and offensive security.
1