

hunt-detect-prevent

Lists of sources and utilities to hunt, detect and prevent evildoers.

Hunt, Detect & Prevent -- Resources

AD Security

https://jimshaver.net/2016/02/14/defending-against-mimikatz/

https://adsecurity.org/?p=559
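Two of the host-level mitigations the posts above discuss (turning off WDigest plaintext caching and running LSASS as a protected process) can be audited and applied from PowerShell. The script below is an added example, not code from either post; it assumes an elevated session on Windows 8.1 / Server 2012 R2 or newer (or an older build with KB2871997 installed), and the registry paths and value names are the documented ones.

```powershell
# Added example: audit and apply two Mimikatz mitigations. Run elevated, test first.
# Assumption: Windows 8.1 / Server 2012 R2+ (or KB2871997 on older builds).
$wdigest = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$lsa     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-CredentialHardeningState {
    # UseLogonCredential = 1 keeps plaintext passwords in LSASS for WDigest/SSO.
    # $null means "not set": disabled by default on 8.1/2012 R2+, enabled on older
    # patched builds, so the safe move is to set it explicitly to 0.
    $u = (Get-ItemProperty -Path $wdigest -Name UseLogonCredential -ErrorAction SilentlyContinue).UseLogonCredential
    # RunAsPPL = 1 runs LSASS as a protected process; unsigned code cannot open it.
    $p = (Get-ItemProperty -Path $lsa -Name RunAsPPL -ErrorAction SilentlyContinue).RunAsPPL
    [pscustomobject]@{
        UseLogonCredential = $u   # want 0
        RunAsPPL           = $p   # want 1
        Hardened           = ($u -eq 0 -and $p -eq 1)
    }
}

function Set-CredentialHardening {
    if (-not (Test-Path $wdigest)) { New-Item -Path $wdigest -Force | Out-Null }
    New-ItemProperty -Path $wdigest -Name UseLogonCredential -PropertyType DWord -Value 0 -Force | Out-Null
    New-ItemProperty -Path $lsa     -Name RunAsPPL           -PropertyType DWord -Value 1 -Force | Out-Null
    # WDigest change applies to new logons; RunAsPPL needs a reboot.
}

Get-CredentialHardeningState
Set-CredentialHardening
Get-CredentialHardeningState
```

RunAsPPL blocks any unsigned LSA plugin or third-party authentication package, so check the System log for LSA load failures on a pilot group before rolling it out; it also does not stop an attacker who already has kernel-level code from reading LSASS.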

Microsoft EMET

https://support.microsoft.com/en-us/kb/2458544

Microsoft ATA

https://blogs.technet.microsoft.com/enterprisemobility/2016/12/12/will-advanced-threat-analytics-help-me-with-non-windows-oss/

Microsoft File Screening

http://olivermarshall.net/using-file-screening-to-help-block-cryptolocker/

http://blog.netwrix.com/2016/04/11/ransomware-protection-using-fsrm-and-powershell/
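The FSRM approach from the two posts above, as an added example (not code from either post): a file group of ransomware name patterns, a screen on the share that blocks matching writes, and an event written when the screen trips so a SIEM can pick it up. It assumes the File Server Resource Manager role is installed and uses a hypothetical share path `D:\Shares\Users`; the patterns are illustrative and must be kept current.

```powershell
# Added example: FSRM file screen against known ransomware file names.
# Assumptions: FSRM role installed; D:\Shares\Users is the share to protect (hypothetical).
Import-Module FileServerResourceManager

$groupName = 'Ransomware indicators'
$patterns  = @('*.locky', '*.crypt', '*.encrypted', '*decrypt_instruction*', 'HELP_DECRYPT*')

# A file group is the pattern set a screen matches file names against.
if (-not (Get-FsrmFileGroup -Name $groupName -ErrorAction SilentlyContinue)) {
    New-FsrmFileGroup -Name $groupName -IncludePattern $patterns | Out-Null
} else {
    Set-FsrmFileGroup -Name $groupName -IncludePattern $patterns | Out-Null
}

# Raise a Warning event when a write is blocked. The bracketed fields are FSRM
# notification variables and are expanded at event time.
$alert = New-FsrmAction -Type Event -EventType Warning -Body `
    'FSRM blocked [Source File Path] written by [Source Io Owner] on [Server]. Isolate the client.'

# -Active blocks the write (active screening). Omit it to run in monitor-only mode
# first and confirm legitimate files never match.
$share = 'D:\Shares\Users'
if (-not (Get-FsrmFileScreen -Path $share -ErrorAction SilentlyContinue)) {
    New-FsrmFileScreen -Path $share -IncludeGroup $groupName -Active -Notification $alert | Out-Null
}

Get-FsrmFileScreen -Path $share | Select-Object Path, Active, IncludeGroup
```

A screen only inspects the file name, so a family that encrypts in place and keeps the original name, or renames after writing, will not trip it; treat it as one early-warning layer next to the logging and EDR items below, not as the control.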

Threat Hunting

https://github.com/ThreatHuntingProject/ThreatHunting

PowerShell

Log hunting with PowerShell

http://909research.com/windows-log-hunting-with-powershell/

https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/increased-use-of-powershell-in-attacks-16-en.pdf

https://isc.sans.edu/diary/21829

  • PowerShell blocked via Windows Firewall (the same approach works for cscript/wscript)
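The firewall block mentioned above, as an added example (not from the ISC diary): outbound rules for the script hosts themselves, so a document macro or downloader that launches them cannot fetch a second stage. It assumes the Windows Firewall service is running and that you have first checked which admin workflows (PowerShell remoting from the host, Update-Help, module installs) need an exemption.

```powershell
# Added example: block outbound network access for PowerShell and the Windows
# Script Host binaries. Assumes Windows Firewall is in use; test on a pilot first.
$sys32 = "$env:SystemRoot\System32"
$wow64 = "$env:SystemRoot\SysWOW64"   # 32-bit copies are separate binaries, rule them too

$scriptHosts = @(
    "$sys32\WindowsPowerShell\v1.0\powershell.exe",
    "$sys32\WindowsPowerShell\v1.0\powershell_ise.exe",
    "$wow64\WindowsPowerShell\v1.0\powershell.exe",
    "$sys32\cscript.exe", "$sys32\wscript.exe",
    "$wow64\cscript.exe", "$wow64\wscript.exe"
)

foreach ($exe in $scriptHosts) {
    if (-not (Test-Path $exe)) { continue }          # e.g. no SysWOW64 on 32-bit hosts
    $name = "Block outbound: $exe"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Program $exe `
            -Action Block -Profile Any -Enabled True | Out-Null
    }
}

# Verify: every rule should show Enabled=True and Action=Block.
Get-NetFirewallRule -DisplayName 'Block outbound: *' |
    Select-Object DisplayName, Enabled, Action
```

The rules key on the program path, so they do nothing against an attacker who copies powershell.exe elsewhere or hosts System.Management.Automation in their own binary; pair them with the logging below rather than relying on them alone.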

POSH to read event logs

https://files.sans.org/summit/DFIR_Summit_Prague_2016/PDFs/PowerShell-obFUsk8tion-Techniques-David-Bohannon.pdf

https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
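A starting point for the log hunting the links above describe, as an added example (not code from any of them): pull process-creation events for PowerShell from the Security log and script-block events from the PowerShell Operational log, flag the ones containing common attack indicators, and decode any `-EncodedCommand` payload inline. It assumes process-creation auditing with command-line logging (event 4688) and script block logging (event 4104) are enabled; the indicator list and the 7-day window are arbitrary.

```powershell
# Added example: hunt for hostile PowerShell in 4688 and 4104 events.
# Assumptions: command-line auditing and script block logging are on.
$since = (Get-Date).AddDays(-7)

# Strings typical of download cradles, obfuscation and in-memory loaders.
$indicators = @(
    '-enc', '-encodedcommand', '-w hidden', '-windowstyle hidden', '-nop', '-noprofile',
    'bypass', 'downloadstring', 'downloadfile', 'webclient', 'invoke-expression', ' iex ',
    'frombase64string', 'reflection.assembly', 'start-bitstransfer', 'invoke-mimikatz'
)

function Get-IndicatorHits([string]$text) {
    $t = $text.ToLowerInvariant()
    $indicators | Where-Object { $t.Contains($_) }
}

function ConvertFrom-EncodedCommand([string]$cmdline) {
    # powershell -e / -enc / -encodedcommand <base64 of UTF-16LE script>
    $m = [regex]::Match($cmdline, '(?i)-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})')
    if (-not $m.Success) { return $null }
    try { [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($m.Groups[1].Value)) }
    catch { $null }
}

function Get-SuspiciousPowerShellEvents {
    $events = @()
    # 4688: Properties[5] = NewProcessName, Properties[8] = CommandLine
    $events += @(Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=4688; StartTime=$since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[5].Value -match '(?i)powershell(_ise)?\.exe$' } |
        ForEach-Object { [pscustomobject]@{ Time=$_.TimeCreated; Source='4688'; Text=[string]$_.Properties[8].Value } })
    # 4104: Properties[2] = ScriptBlockText, already de-obfuscated by the engine
    $events += @(Get-WinEvent -FilterHashtable @{ LogName='Microsoft-Windows-PowerShell/Operational'; Id=4104; StartTime=$since } -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Time=$_.TimeCreated; Source='4104'; Text=[string]$_.Properties[2].Value } })

    foreach ($e in $events) {
        $hits = @(Get-IndicatorHits $e.Text)
        if ($hits.Count -eq 0) { continue }
        [pscustomobject]@{
            Time    = $e.Time
            Source  = $e.Source
            Hits    = ($hits -join ', ')
            Decoded = ConvertFrom-EncodedCommand $e.Text
            Text    = $e.Text
        }
    }
}

Get-SuspiciousPowerShellEvents | Sort-Object Time -Descending | Format-List
```

Without the "Include command line in process creation events" policy, 4688 carries no command line and the first query finds nothing; Sysmon event 1 is the usual substitute. Event 4104 logs the script block as the engine executes it, after the string tricks in the obfuscation talk above have been resolved, which is why it is the higher-value source of the two.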

Windows event forwarding

https://blogs.technet.microsoft.com/russellt/2017/05/09/project-sauron-introduction/

https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/

http://909research.com/sysmon-the-best-free-windows-monitoring-tool-you-arent-using/

https://blogs.technet.microsoft.com/wincat/2008/08/11/quick-and-dirty-large-scale-eventing-for-windows/

EDR

CarbonBlack

LimaCharlie

OSQuery

Logging

Logging debrief:

https://www.malwarearchaeology.com/logging/

ELK

Graylog

Splunk

AlienVault

SCCM

https://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html

https://github.com/PowerShellMafia/PowerSCCM

Recommended reading:

https://github.com/subTee

https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/

http://seclist.us/powermemory-v1-4-exploit-the-credentials-present-in-files-and-memory.html

Contributors: mhaggis, stahler
