Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mhaggis/hunt-detect-prevent

Lists of sources and utilities utilized to hunt, detect and prevent evildoers.
https://github.com/mhaggis/hunt-detect-prevent

hunt microsoft powershell

Last synced: about 2 months ago
JSON representation

Lists of sources and utilities utilized to hunt, detect and prevent evildoers.

Awesome Lists containing this project

README

        

# hunt-detect-prevent

Lists of sources and utilities to hunt, detect and prevent evildoers.

# Hunt, Detect & Prevent -- Resources

**AD Security**

https://jimshaver.net/2016/02/14/defending-against-mimikatz/

https://adsecurity.org/?p=559

**Microsoft EMET**

https://support.microsoft.com/en-us/kb/2458544

**Microsoft ATA**

https://blogs.technet.microsoft.com/enterprisemobility/2016/12/12/will-advanced-threat-analytics-help-me-with-non-windows-oss/

**Microsoft File Screening**

http://olivermarshall.net/using-file-screening-to-help-block-cryptolocker/

http://blog.netwrix.com/2016/04/11/ransomware-protection-using-fsrm-and-powershell/

**Threat Hunting**

https://github.com/ThreatHuntingProject/ThreatHunting

**Powershell**

Log hunting with powershell

http://909research.com/windows-log-hunting-with-powershell/

https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/increased-use-of-powershell-in-attacks-16-en.pdf

https://isc.sans.edu/diary/21829
- powershell blocked via windows firewall (same for cscript/wscript)

POSH to read event logs
- http://www.tinyurl.com/504extra2

https://files.sans.org/summit/DFIR_Summit_Prague_2016/PDFs/PowerShell-obFUsk8tion-Techniques-David-Bohannon.pdf

https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html

**Windows event forwarding**

https://blogs.technet.microsoft.com/russellt/2017/05/09/project-sauron-introduction/

https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/

http://909research.com/sysmon-the-best-free-windows-monitoring-tool-you-arent-using/

https://blogs.technet.microsoft.com/wincat/2008/08/11/quick-and-dirty-large-scale-eventing-for-windows/

**EDR**

CarbonBlack

limacharlie

OSQuery

**Logging**

Logging debrief--

https://www.malwarearchaeology.com/logging/

[ELK](https://www.elastic.co/products)

[Graylog](https://www.graylog.org/)

[Splunk](https://www.splunk.com/)

[alienvault](https://www.alienvault.com/)

**SCCM**

https://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html

https://github.com/PowerShellMafia/PowerSCCM

**Recommended reading:**

https://github.com/subTee

https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/

http://seclist.us/powermemory-v1-4-exploit-the-credentials-present-in-files-and-memory.html