Security Onion Solutions LLC
- Augusta, GA
- https://infosec.exchange/@weslambert
- @therealwlambert
Stars
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as wel…
SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
Egress-Assess is a tool used to test egress data detection capabilities
PowerShell-based Windows Security Auditing Toolbox
A collection of red team and adversary emulation resources developed and released by MITRE.
DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Enumeration and reconnaissance activities in the Microsoft Azure Cloud.
PowerShell script which allows pausing\unpausing Win32/64 exes
PowerShell MS Outlook enumeration and phishing tool
Rapidly building a Windows 10 system to use for dynamic malware analysis (sandbox), sending data to Elastic Cloud.
Integrating Sysinternals Autoruns’ logs into Security Onion
xorrior / CimSweep
Forked from mattifestation/CimSweep
CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.
This is a repository from Adam Swan's and my presentation on Windows Logs Zero 2 Hero.