Main Sigma Rule Repository
Updated
Jun 30, 2024 - Python
Hands-on cybersecurity training projects for beginners, focusing on vulnerability management, incident response, and log analysis
System monitoring development kit (sysmon, procmon, EDR, endpoint security, host security, zero trust, internet access behavior management, sandbox)
A command-line simulator for System Monitor (Sysmon) testing, rewritten in Golang
This project sets up an Active Directory environment and configures Splunk to ingest events from a Windows Server and a target machine. We perform a brute force attack using Kali Linux to observe telemetry and use Atomic Red Team for additional testing. Goals: enhance IT administration skills, event monitoring, and threat detection.
A simple System Monitor (Sysmon) EVTX inspector; search, visualize, and track Sysmon events
Designing and implementing a home lab consisting of 4 different virtual machines in a virtual network, for use in professional IT portfolio projects.
Atlas ITSI Content Pack for Linux Sysmon
Utilities for Sysmon
This script enhances endpoint logging telemetry for advanced malware threat detection, for building detections, or for malware analysis. It can be used in production; however, you might want to tune the GPO edits as needed.
A repository of sysmon configuration modules
Test Blue Team detections without running any attack.
The lab involves setting up a virtualized environment with Oracle VM VirtualBox, creating Windows 10, Kali Linux, Windows Server, and Ubuntu Server VMs. Tools like Splunk, Sysmon, and Crowbar are used for security testing. Participants configure networks, join Windows to Active Directory, and practice PowerShell scripting.
A simplified EVTX file parser wrapping 0xrawsec's golang-evtx module
Simple system monitoring over MQTT
Analyzing PowerShell execution on Windows systems.