Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifyin…

MemProcFS

GRR Rapid Response: remote live forensics for incident response

Cloud-native SIEM for intelligent security analytics for your entire enterprise.

Tools and Techniques for Blue Team / Incident Response

PowerShell Digital Forensics & Incident Response Scripts.

A utility to safely generate malicious network traffic patterns and evaluate controls.

Retired TrustedSec Capabilities

Main Sigma Rule Repository

Signatures and IoCs from public Volexity blog posts.

The multi-platform memory acquisition tool.

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

APIsec|SCAN - Free API security testing using Github actions

Remote access and Antivirus Logging Database

A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors

Defences against Cobalt Strike

Sysmon configuration file template with default high-quality event tracing

Situational Awareness commands implemented using Beacon Object Files

DFIQ is a collection of investigative questions and the approaches for answering them

Web browser forensics for Google Chrome/Chromium

A workshop about Malware Development

Hunting queries and detections

Digital Forensics artifact repository

500+ PowerShell scripts (.ps1) for every system!

Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant

A list of books suggested by the security community to aid intelligence analysts learn to think

Awesome list of keywords and artifacts for Threat Hunting sessions

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.