PowerShell collection designed to assist in threat hunting on Windows systems.
Updated Jan 14, 2018 - PowerShell
PowerShell module for creating and managing Sysinternals Sysmon config files.
PSEmailRep is a simple PowerShell module to interface with the EmailRep.io API.
Uses PowerShell to determine whether a URL is malicious and to gather other information about it.
PowerShell module wrapper for the Collective Intelligence Framework (CIF) v3 API
Generates threat feed IP list from the AbuseIPDB API
Grabs the latest OpenPhish URL list.
Grabs the latest URLhaus list.
PowerShell-based script to verify malware indicators of compromise (IOC hashes, domains, IPs) against databases such as VirusTotal and Kaspersky.
CyberThreat Monitor (SIEM Lab) with Microsoft Azure is a comprehensive threat monitoring solution built on Azure Sentinel, providing real-time visibility into global cyber threats.
Microsoft Sentinel SOC Operations
Advanced Sysmon ATT&CK configuration that focuses on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic-artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk-scoring CVE, UEBA, forensic, and MITRE ATT&CK events.
PowerShell script to help speed up threat hunting and incident response processes.
Deobfuscates PowerShell format strings
Triage an IP address using PowerShell.
Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans, and more.
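The format-string deobfuscation entry above refers to a common PowerShell obfuscation trick: a command such as Invoke-Expression is split into fragments and reassembled at run time with the -f operator, e.g. ("{2}{0}{1}" -f 'voke-','Expression','In'), often mixed with string concatenation ('n'+'t') and redundant parentheses. The following is an added example written for this page, not code from any repository listed here. It is a small static resolver in Python (so it runs on an analyst workstation without a PowerShell runtime) that rewrites those three constructs back to plain literals, iterating to a fixed point so nested expressions resolve from the inside out. The sample script, the regexes and the assumption that double-quoted strings containing $ or a backtick are left untouched (they cannot be resolved statically) are all this example's own choices.

```python
"""Static deobfuscation of PowerShell -f format-string expressions (added example)."""
import re

# A PowerShell string literal: single-quoted ('' escapes a quote) or double-quoted.
# Assumption: a double-quoted string containing $ or ` is not treated as a literal,
# because variable expansion and backtick escapes cannot be resolved statically.
_STR = r"""(?:'(?:[^']|'')*'|"[^"$`]*")"""
_WS = r"[ \t]*"

CONCAT_RE = re.compile(rf"({_STR}){_WS}\+{_WS}({_STR})")           # 'a' + 'b'
FORMAT_RE = re.compile(rf"({_STR}){_WS}-[fF]{_WS}((?:{_STR}{_WS},{_WS})*{_STR})")  # "{1}{0}" -f 'b','a'
PAREN_RE = re.compile(rf"\({_WS}({_STR}){_WS}\)")                   # ('literal')
LITERAL_RE = re.compile(_STR)
PLACEHOLDER_RE = re.compile(r"\{(\d+)\}")

# Constructed sample, not a real malware artifact: an obfuscated
#   Invoke-Expression (Get-Content 'C:\Users\Public\p.txt')
SAMPLE = r"""&("{2}{0}{1}" -f 'voke-','Expression','In') (&("{1}{0}" -f ('n'+'t'),'Get-Conte') 'C:\Users\Public\p.txt')"""


def unquote(lit: str) -> str:
    """Return the text of a PowerShell string literal."""
    if lit[0] == "'":
        return lit[1:-1].replace("''", "'")
    return lit[1:-1]


def quote(text: str) -> str:
    """Re-emit text as a single-quoted PowerShell literal."""
    return "'" + text.replace("'", "''") + "'"


def _resolve_format(m: re.Match) -> str:
    """Evaluate  fmt -f arg0,arg1,...  when every argument is a plain literal."""
    fmt = unquote(m.group(1))
    args = [unquote(a) for a in LITERAL_RE.findall(m.group(2))]
    # {{ and }} are .NET String.Format escapes for literal braces; protect them
    # with sentinels so they are not mistaken for placeholders.
    protected = fmt.replace("{{", "\x00").replace("}}", "\x01")

    def fill(ph: re.Match) -> str:
        i = int(ph.group(1))
        return args[i] if i < len(args) else ph.group(0)  # out-of-range index left as-is

    body = PLACEHOLDER_RE.sub(fill, protected)
    return quote(body.replace("\x00", "{").replace("\x01", "}"))


def deobfuscate(script: str, max_rounds: int = 50) -> str:
    """Rewrite concat / -f / parenthesised literals until nothing changes."""
    for _ in range(max_rounds):
        before = script
        script = CONCAT_RE.sub(
            lambda m: quote(unquote(m.group(1)) + unquote(m.group(2))), script)
        script = FORMAT_RE.sub(_resolve_format, script)
        script = PAREN_RE.sub(r"\1", script)
        if script == before:
            break
    return script


if __name__ == "__main__":
    print(deobfuscate(SAMPLE))
```

Each pass only touches expressions whose operands are already plain literals, so a nested ('n'+'t') inside a -f argument list is collapsed one round before the surrounding -f expression becomes resolvable; alignment and format specifiers such as {0,5} or {0:x} are deliberately left in place rather than guessed at.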