Awesome-Mirrors/awesome-cybersecurity-blueteam
1
0
Fork 0
mirror of https://github.com/fabacab/awesome-cybersecurity-blueteam.git synced 2024-10-01 01:15:39 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add several more automation and Windows-based tools.

Browse Source
This commit is contained in:
Meitar M 2018-08-05 17:35:00 -04:00
parent a1be3648db
commit 5964b2cc6f
No known key found for this signature in database
GPG Key ID: 07EFAA28AB94BC85
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -27,6 +27,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
- [Autosnort](https://github.com/da667/Autosnort) - Series of bash shell scripts designed to install a fully functional, fully updated stand-alone snort sensor with an IDS event review console of your choice, on a variety of Linux distributions.
- [MLSec Combine](https://github.com/mlsecproject/combine) - Gather and combine multiple threat intelligence feed sources into one customizable, standardized CSV-based format.
- [Posh-VirusTotal](https://github.com/darkoperator/Posh-VirusTotal) - PowerShell interface to VirusTotal.com APIs.
- [Sticky Keys Slayer](https://github.com/linuz/Sticky-Keys-Slayer) - Establishes a Windows RDP session from a list of hostnames and scans for accessibility tools backdoors, alerting if one is discovered.
- [Windows Secure Host Baseline](https://github.com/nsacyber/Windows-Secure-Host-Baseline) - Group Policy objects, compliance checks, and configuration tools that provide an automated and flexible approach for securely deploying and maintaining the latest releases of Windows 10.
@ -48,9 +49,14 @@ See also [awesome-honeypots](https://github.com/paralax/awesome-honeypots).
## Incident Response (IR) tools
See also [awesome-incident-response](https://github.com/meirwah/awesome-incident-response).
- [CIRTKit](https://github.com/opensourcesec/CIRTKit) - Scriptable Digital Forensics and Incident Response (DFIR) toolkit built on Viper.
- [CimSweep](https://github.com/PowerShellMafia/CimSweep) - Suite of CIM/WMI-based tools enabling remote incident response and hunting operations across all versions of Windows.
- [GRR Rapid Response](https://github.com/google/grr) - Incident response framework focused on remote live forensics consisting of a Python agent installed on assets and Python-based server infrastructure enabling analysts to quickly triage attacks and perform analysis remotely.
- [OSXCollector](https://github.com/Yelp/osxcollector) - Forensic evidence collection & analysis toolkit for OSX.
- [PSHunt](https://github.com/Infocyte/PSHunt) - PowerShell module designed to scan remote endpoints for indicators of compromise or survey them for more comprehensive information related to state of those systems.
- [PowerForensics](https://github.com/Invoke-IR/PowerForensics) - All in one PowerShell-based plaall in one platform for live disk forensic analysis tform for live hard disk forensic analysis.
- [ir-rescue](https://github.com/diogo-fernan/ir-rescue) - Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
## Network Security Monitoring (NSM)
@ -109,7 +115,10 @@ See also [awesome-honeypots](https://github.com/paralax/awesome-honeypots).
## Windows-based defenses
- [HardenTools](https://github.com/securitywithoutborders/hardentools) - Utility that disables a number of risky Windows features.
- [NotRuler](https://github.com/sensepost/notruler) - Detect both client-side rules and VBScript enabled forms used by the [Ruler](https://github.com/sensepost/ruler) attack tool when attempting to compromise a Microsoft Exchange server.
- [WMI Monitor](https://github.com/realparisi/WMI_Monitor) - Log newly created WMI consumers and processes to the Windows Application event log.
- [DeepBlueCLI](https://github.com/sans-blue-team/DeepBlueCLI) - PowerShell module for hunt teaming via Windows Event logs.
# License