From 17c32c45d4034d89d32e3260c526bf3783bbb872 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Tue, 31 Jul 2018 17:12:06 -0400 Subject: [PATCH] Add DumpsterFire, NotRuler. --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 920a0f5..52e8926 100644 --- a/README.md +++ b/README.md @@ -13,11 +13,13 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Host-based tools](#host-based-tools) - [Network Security Monitoring (NSM)](#network-security-monitoring-nsm) - [Network perimeter defenses](#network-perimeter-defenses) +- [Practice, training, and drills](#practice-training-and-drills) - [Security Information and Event Management (SIEM)](#security-information-and-event-management-siem) - [Service and performance monitoring](#service-and-performance-monitoring) - [Threat intelligence, analytics, and reporting](#threat-intelligence-analytics-and-reporting) - [Tor Onion service defenses](#tor-onion-service-defenses) - [Transport-layer defense](#transport-layer-defenses) +- [Windows-based defenses](#windows-based-defenses) ## Firewalling distributions @@ -48,6 +50,10 @@ See also [awesome-honeypots](https://github.com/paralax/awesome-honeypots). - [fwknop](https://www.cipherdyne.org/fwknop/) - Protects ports via Single Packet Authorization in your firewall. +## Practice, training, and drills + +- [DumpsterFire](https://github.com/TryCatchHCF/DumpsterFire) - Modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events for Blue Team drills and sensor/alert mapping. + ## Security Information and Event Management (SIEM) - [AlienVault OSSIM](https://www.alienvault.com/open-threat-exchange/projects) - Single-server open source SIEM platform featuring asset discovery, asset inventorying, behavioral monitoring, and event correlation, driven by AlienVault Open Threat Exchange (OTX). 
@@ -74,6 +80,10 @@ See also [awesome-honeypots](https://github.com/paralax/awesome-honeypots). - [OpenVPN](https://openvpn.net/) - Open source, SSL/TLS-based virtual private network (VPN). +## Windows-based defenses + +- [NotRuler](https://github.com/sensepost/notruler) - Detect both client-side rules and VBScript enabled forms used by the [Ruler](https://github.com/sensepost/ruler) attack tool when attempting to compromise a Microsoft Exchange server. + # License [![CC-BY](https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/by.svg)](https://creativecommons.org/licenses/by/4.0/)
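Review bot: In the first hunk the new table-of-contents entry `- [Practice, training, and drills](#practice-training-and-drills)` and the new `## Practice, training, and drills` heading agree with each other (GitHub's slug drops the commas), and both sit in the correct alphabetical position between "Network perimeter defenses" and "Security Information and Event Management (SIEM)", so the navigation will work. One drive-by worth fixing while this block is being touched: the unchanged context line `- [Transport-layer defense](#transport-layer-defenses)` links to a plural anchor from a singular label; making the label "Transport-layer defenses" would keep it consistent with the heading it points at.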
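Review bot: In the second hunk the NotRuler description opens with the imperative "Detect both client-side rules and VBScript enabled forms ...", whereas every other entry in the list describes the tool in the third person ("Protects ports via ...", "Modular, menu-driven ... tool for ..."); suggest "Detects both client-side rules and VBScript-enabled forms used by the [Ruler](https://github.com/sensepost/ruler) attack tool when attempting to compromise a Microsoft Exchange server." (third-person verb and hyphenated compound adjective). Since the tool targets Exchange mailbox rules and forms rather than Windows hosts in general, the "Windows-based defenses" heading is broader than its only entry; that is acceptable for a new single-item section, but consider saying "Microsoft Exchange" in the description so readers scanning the heading know the scope. The matching TOC line `- [Windows-based defenses](#windows-based-defenses)` in the first hunk resolves to this heading, so no anchor fix is needed.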