Skip to content
View medtemo's full-sized avatar
2 followers · 5 following

Block or report medtemo

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Stars

Showing results

mdecrevoisier / Microsoft-eventlog-mindmap

Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...

1,066 181 Updated Sep 4, 2024

atc-project / atc-react

A knowledge base of actionable Incident Response techniques

Python 636 115 Updated May 31, 2022

wagga40 / Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Python 707 96 Updated Apr 6, 2025

WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

Rust 3,102 274 Updated Mar 23, 2025

AndrewRathbun / DFIRMindMaps

A repository of DFIR-related Mind Maps geared towards the visual learners!

518 67 Updated Sep 2, 2022

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Go 12,822 2,227 Updated Jan 21, 2025

medtemo / guacamole-docker-compose

Forked from boschkundendienst/guacamole-docker-compose

Guacamole with docker-compose using PostgreSQL, nginx with SSL (self-signed)

Shell 1 Updated May 27, 2023

boschkundendienst / guacamole-docker-compose

Guacamole with docker-compose using PostgreSQL, nginx with SSL (self-signed)

Shell 1,095 433 Updated Feb 8, 2025

stuhli / awesome-event-ids

Collection of Event ID ressources useful for Digital Forensics and Incident Response

611 86 Updated Jun 19, 2024

APTA-Technologies / APTAAnomaly

Windows event log anomaly detection powered by ATPA technologies

26 2 Updated Dec 22, 2022

gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.

Go 18,288 1,817 Updated Apr 13, 2025

bartblaze / PHP-backdoors

A collection of PHP backdoors. For educational or testing purposes only.

PHP 2,224 470 Updated Mar 9, 2024

jmpsec / osctrl

Fast and efficient osquery management

Go 436 56 Updated Apr 12, 2025

IllusiveNetworks-Labs / HistoricProcessTree

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

Python 60 6 Updated Jan 30, 2018

williballenthin / process-forest

Reconstruct process trees from event logs

Python 147 29 Updated Aug 12, 2020

microsoft / msticpy

Microsoft Threat Intelligence Security Tools

Python 1,840 326 Updated Apr 8, 2025

cyberdefendersprogram / oscp-study-group-workbook

OSCP Study Group Workbook and Guide

6 7 Updated Aug 26, 2020

olafhartong / ATTACKdatamap

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

PowerShell 352 64 Updated Nov 3, 2020

rabobank-cdc / DeTTECT

Detect Tactics, Techniques & Combat Threats

SCSS 2,137 339 Updated Jan 29, 2025

hasherezade / hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

C 2,145 269 Updated Mar 30, 2025

medtemo / threathunting-spl

Forked from inodee/threathunting-spl

Splunk code (SPL) for serious threat hunters and detection engineers.

1 Updated Sep 24, 2021

ashwin-patil / blue-teaming-with-kql

Repository with Sample KQL Query examples for Threat Hunting

210 36 Updated Sep 1, 2022

netevert / sentinel-attack

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

1,067 207 Updated Nov 28, 2024

inodee / threathunting-spl

Splunk code (SPL) for serious threat hunters and detection engineers.

275 39 Updated Jan 15, 2024

alias454 / ansible-splunk-playbook

Install a full Splunk Enterprise Cluster or Universal forwarder using an ansible playbook

Shell 52 28 Updated May 24, 2020

mdecrevoisier / EVTX-to-MITRE-Attack

Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.

561 89 Updated Jan 15, 2025

mrebeschini / elastic-siem-workshop

Shell 27 9 Updated Apr 27, 2020

lmakonem / ELK-SIEM-Ansible-Playbook

Ansible Playbook to install the ELK Stack

Shell 42 28 Updated Aug 6, 2020

3CORESec / SIEGMA

SIEGMA - Transform Sigma rules into SIEM consumables

Python 149 22 Updated Mar 10, 2025

TonyPhipps / SIEM

SIEM Tactics, Techiques, and Procedures

PowerShell 616 103 Updated Feb 24, 2025
Next