- My Detection Lists for SOC/DFIR
- PurpleTeam scripts and notes
- LOLC2
- LOLEXFIL
- LOLfSaas
- BADGUIDs
- VSXSentry
- EXTSentry
- ExtSentry-Guard
- Nehboro
- nehboro
- TOR archive
- SINKHOLED
- Threat Intelligence Reports Database
- Threat Hunting artifacts
- Threat Hunting yara rules
- Browser Extensions
- TraceGlyph
- Masquerade-Spoofer
- ExtSentry-Guard
- threatcheck
- nehboro
- Threat Hunting - Suspicious Named pipes
- Event Log Manipulations - Time slipping
- Threat Hunting - Suspicious Service names
- Threat Hunting - Suspicious User-agents
- Detecting DNS over HTTPS
- Threat Hunting - Suspicious TLDs
- OSINT - Catching my hacker via leaked databases
- Detecting DLL Hijacking techniques from HijackLibs With Splunk
- How Threat Actors use Pastebin
- Detecting Phishing attempts with DNSTWIST
- File Integrity monitoring with Auditd
- How Threat Actors use Github
- Detecting Browser extensions installations
- C2 Hiding in plain sight
- Detecting PSEXEC and similar tools
- Detecting Phishing attempts with Wetransfer
- Detecting HTML smuggling Phishing attempts
- More content on Medium and Twitter/BlueSky