ScarredMonk/DefenderNotify

Stars
3
Rank 3,963,521 (Top 79 %)
Language
PowerShell
License
GNU Lesser Genera...
Created almost 3 years ago
Updated almost 3 years ago

ScarredMonk/DefenderNotify

ScarredMonk

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

NotifyIcon for Defender from WMI Event Watcher task

SysmonSimulator

Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.

PopulateActiveDirectory

Powershell script to build active directory forest and populate AD with random AD objects including AD users objects, computers objects, groups objects, GPOs and network shares required. It also adds ASREProast account, kerberoastable account, and misconfigured ACLs to the domain for testing purposes

RootDSE-ActiveDirectory

This repo contains files that i refer in my blogs

ActiveDirectoryInstallation

Active Directory Installation Script

Detect-Evil-Machine

A C# tool that detects when a computer account is added to any of the created domain security groups.

Detect-DomainAdmin-Change

Description : A C# tool to detect a change to the domain admins group membership and notify this activity

ASM-NewDCAdmins

A C# tool to gather the administrators on the domain controller (including local accounts) and detects when it changes.

ASM-NewRemoteAdmins

A C# tool to gather the count of administrators on the crown jewel machine and detects when this number changes

Detect-Spray

A C# tool that detects password spraying attempt by using Active Directory user attributes

DC-Rename

It assists in renaming the Domain Controller correctly if something goes wrong while installation of test AD lab