ThreatHunt is a simple PowerShell repository that allows you to train your threat hunting skills. ThreatHunt allows you to simulate a variety of attack techniques and procedures without leveraging malicious files. It is not a penetration system tool or framework but instead a very simple way to raise security alerts that help you to train […]
These files contain configuration for producing EDR (endpoint detection and response) data in addition to standard system logs. These configurations enable the production of these data streams using F/OSS (free and / or open source tooling.) The F/OSS tools consist of Auditd for Linux; Sysmon for Windows and Xnumon for the Mac. Also included […]
RedHunt aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker’s arsenal as well as defender’s toolkit to actively identify the threats in your environment. Base Machine: Lubuntu-18.04 x64 Tool Setup Attack Emulation: Caldera Atomic Red Team DumpsterFire Metta RTA Nmap CrackMapExec Metasploit Responder Zap Logging […]
WEFFLES is designed to be small and lightweight, both for speed of getting something deployed during an Incident Response and also for the sake of being sustainable in an environment going forward. It’s not necessary to be familiar with the underlying technology of Windows Event Forwarding to set up the solution as it’s scripted out […]
This is a Splunk application containing several dashboards and over 120 reports that will facilitate initial hunting indicators to investigate. You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found here Note: This application is not a magic bullet, it will require tuning and real investigative work to be […]