mbrownnycnyc,github

activecountermeasures_networkthreathuntertraining

notes on: https://www.activecountermeasures.com/network-threat-hunter-training/

alert_manager

Extended Splunk Alert Manager with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features

antisyphon_activedefensecyberdeception_jan2022

argus_outlier

The beginnings of analyzing/mining data produced off the argus network probe by argus-clients.

atomic-threat-coverage

Actionable analytics designed to combat threats based on MITRE's ATT&CK.

attackdatamap

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Uses a FileSystemWatcher to monitor some file targeted activities. Command line based. Apparently, I was attempting to write something that will send alerts to a nagios server by using sendnsca.exe, but didn't finish.

cka

cloud_practionier

cryptoblocker

A script to deploy File Server Resource Manager and associated scripts to block infected users

dfsr_data_tester

Performs create, truncate, delete, flush, close operations on a target file. Useful for analyzing system activity (like DFS-R). Watch out for the really sweet icon.

folder_change_watcher

Feed it a folder and it will track changes using a FileSystemWatcher() for you, excluding DfsrPrivate, of course.

hpe3par_pstoolkit

PowerShell Toolkit for HPE Primera and 3PAR supports PowerShell cmdlets, which are wrappers around the native HPE Primera and 3PAR storage CLI commands and Web Services APIs (WSAPI)

keep_on_screener

Replacement for a function of nVidia's driver software nView Desktop that stops windows from spanning screens. Optionally, keeps windows on screen.

lapsimplementationguide

This is a Microsoft LAPS (Local Administrator Password Solution) implementation guide I wrote in 2015. It might be out of date and is chock-full-o' kludgy powershell... definitely not my best work (I mean, no custom objects! c'mon!)

malwless

Test Blue Team detections without running any attack.

nistnotes

Notes on NIST papers

old_msi_tools

old windows install sdk and an old tool by Heath Stewart called msix https://devblogs.microsoft.com/setup/patch-files-extractor/

opensource-endpoint-monitoring

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

owa_search_cli

Because Outlook and OWA search suck. Searches a mailbox for email items based on a variety of criteria using Exchange Web Services managed API in Exchange Server 2007/2010/+. Returns interesting fields of and an OWA link to mail items.