Threat hunting
Splunk code (SPL) for serious threat hunters and detection engineers.
An analytical framework for network traffic and behavioral analytics
The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially for projects requiring both technologies (Splunk and Azure/Sentinel) or …
Some Threat Hunting queries useful for blue teamers
Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event logs mapped to the MITRE ATT&CK
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD…
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
A powerful and user-friendly browser extension that streamlines investigations for security professionals.
Simple (relatively) things allowing you to dig a bit deeper than usual.
Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azur…
Detect Tactics, Techniques & Combat Threats
PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).
This is a collection of threat detection rules / rules engines that I have come across.
AADInternals PowerShell module for administering Azure AD and Office 365
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Different methods to get current username without using whoami
A query aggregator for OSINT based threat hunting
Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.