Incident-Playbook
EDR-Testing-Script
| Incident-Playbook | EDR-Testing-Script | |
|---|---|---|
| 10 | 1 | |
| 1,329 | 278 | |
| - | - | |
| 0.0 | 0.0 | |
| over 1 year ago | over 2 years ago | |
| Python | Batchfile | |
| MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Incident-Playbook
- Cyber Playbooks
- Goal: Incident Response Playbooks Mapped to Mitre Attack Tactics and Techniques
- austinsonger/Incident-Playbook - Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
- Github Incident Playbooks "Incident Response Process and Playbooks | Goal: Playbooks to be Mapped to MITRE Attack Techniques"
- Github: austinsonger/Incident-Playbooks "Incident Response Process and Playbooks | Goal: Playbooks to be Mapped to MITRE Attack Techniques"
- Incident Response Process and Playbooks Mapped to Mitre Attack Technique
- Incident Response Process and Playbooks
EDR-Testing-Script
-
Kaspersky Endpoint Security issue
I downloaded and executed script from GitHub, EDR Testing Script and it failed miserably. It allowed everything to be downloaded and executed, let remote shell scripts to be run, files to install, and it did that as a user. I didn't even run that script as an admin. Worse thing is, KES uninstalled itself afterwards.
What are some alternatives?
atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
security - Collection of CVEs from Sick Codes, or collaborations on https://sick.codes security research & advisories.
ansible-navigator - A text-based user interface (TUI) for Ansible.
iMonitorSDK - 系统监控开发套件(sysmon、procmon、edr、终端安全、主机安全、零信任、上网行为管理、沙箱)
caldera - Automated Adversary Emulation Platform
WhiteBeam - WhiteBeam: Transparent endpoint security
threathunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
plgx-esp - Community Edition of the PolyLogyx Endpoint Security Platform; An open source and extensible platform to manage and monitor endpoints, based on osqery agent
content - Demisto is now Cortex XSOAR. Automate and orchestrate your Security Operations with Cortex XSOAR's ever-growing Content Repository. Pull Requests are always welcome and highly appreciated!
Atlas - 🚀 An open and lightweight modification to Windows, designed to optimize performance, privacy and security.
Incident-Response-Playbooks
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.