- Wiesbaden, Germany
- https://medium.com/@c2defense
Stars
- Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
- Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
- PowerShell - Endpoint Analysis Solution Your Windows Intranet Needs
- Detect and respond to Cobalt Strike beacons using ETW.
- Open Source Cloud Native Application Protection Platform (CNAPP)
- lgandx / Responder (forked from SpiderLabs/Responder): Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
- Repository of YARA rules made by Trellix ATR Team
- DoHoT: making practical use of DNS over HTTPS over Tor
- Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server
- Red Teaming Tactics and Techniques
- Add community_id to all Zeek logs that contain a UID
- CAN Boat provides NMEA 2000 and NMEA 0183 utilities. It contains a NMEA 2000 PGN decoder and can read and write N2K messages. It is not meant as an end-user tool but as a discovery mechanism for de…
- Exports MISP events to STIX and ingest into McAfee ESM
- A Linux Auditd rule set mapped to MITRE's Attack Framework
- Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.
- This content is analysis and research of the data sources currently listed in ATT&CK.
- Threat intelligence and threat detection indicators (IOC, IOA)
- IntelOwl: manage your Threat Intelligence at scale
- Infection Monkey - An open-source adversary emulation platform