Rob Gresham's Projects
Various public documents, whitepapers and articles about APT campaigns
Actionable analytics designed to combat threats based on MITRE's ATT&CK.
A knowledge base of actionable Incident Response techniques
Small and highly portable detection tests.
A curated list of the most important and useful resources about elasticsearch: articles, videos, blogs, tips and tricks, use cases. All about Elasticsearch!
Use your OS X terminal shell to do awesome things.
A curated list of awesome Python frameworks, libraries, software and resources
A curated list of Awesome Threat Intelligence resources
The missing package manager for OS X
Bro Log Cheatsheets
CyLR CDQR Forensics Virtual Machine (CCF-VM): An all-in-one solution for parsing collected data, making it easily searchable with built-in common searches, and enabling searching of single and multiple hosts simultaneously.
The Cold Disk Quick Response (CDQR) tool is a fast and easy-to-use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux and MacOS devices.
CyLR - Live Response Collection Tool
Prototype Demo Code
Detect Tactics, Techniques & Combat Threats
Script to convert emails to PDF from the command line, as well as detach recognized attachments. Helps to process incoming emails and assist automatically with a paperless document workflow. Designed to work in tandem with getmail to convert forwarded emails to PDF automatically.
CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities
Fast Incident Response
A list of cool features of Git and GitHub.
Open-Source Phishing Toolkit
NSA Information Assurance (iadgov) tool that provides situational awareness for ICS/SCADA network security assessments.
The Incredible HELK
A PowerShell script for creating a Windows honeyport.
InvestigationPlaybookSpec
Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset.
A PowerShell incident response framework
Malicious traffic detection system
nmap-parser-xml-to-csv