paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-23 08:12:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6c0575e07053a18679cf25889426d3a67bb26498
main/Active Response/Windows
History
taylor_socfortress fd67055c6d Update README.md
2022-09-20 10:12:52 -05:00
..
ar.conf
Update ar.conf
2022-09-20 10:12:25 -05:00
disableuseraccount.cmd
Create disableuseraccount.cmd
2022-09-20 10:12:05 -05:00
disableuseraccount.ps1
Create disableuseraccount.ps1
2022-09-20 10:11:11 -05:00
domainsinkhole.cmd
Create domainsinkhole.cmd
2022-08-20 09:44:57 -05:00
domainsinkhole.ps1
Create domainsinkhole.ps1
2022-08-20 09:41:28 -05:00
README.md
Update README.md
2022-09-20 10:12:52 -05:00
windowsfirewall.cmd
Create windowsfirewall.cmd
2022-08-20 09:40:22 -05:00
windowsfirewall.ps1
Update windowsfirewall.ps1
2022-08-20 09:44:32 -05:00

README.md

Windows Active Response Awesome

Folder containing Active Response scripts to be ran on Windows Endpoints. Powershell7 required.

MIT License LinkedIn your-own-soc-free-for-life-tier

Roadmap

  • Create local firewall rule to block outbound connections to a malicious IP
  • DNS sinkhole a malicious domain (route to localhost 127.0.0.1)
  • Disable local user account
  • Kill a malicious process
  • Feel free to bring ideas 😄

Need Help?

SOCFortress - LinkedIn - info@socfortress.co

Let SOCFortress Professional Services Take Your Open Source SIEM to the Next Level

Banner