Stars
Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
Extracted Yara rules from Windows Defender mpavbase and mpasbase
.NET wrapper for libyara built in C++ CLI used to easily incorporate yara into .NET projects
Set of mindmaps providing a detailed overview of the different #Microsoft auditing capabilities for Windows, Exchange, Azure,...
ipsets dynamically updated with firehol's update-ipsets.sh script
This repo contains information on how to auto deploy Sysmon via GPO and Task Scheduler
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations se…
A repository for using windows event forwarding for incident detection and response
Encoded Hayabusa and Sigma rules to avoid anti-virus false positives and reduce files stored on target systems.
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
Investigate malicious Windows logon by visualizing and analyzing Windows event log
Generate C# FFI bindings from Rust to automatically bring native Rust code and C native libraries into .NET and Unity.
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
Sample evtx files to use for testing hayabusa detection rules
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention.