This is a repo that will eventually contain various resources that I have created for use in DFIR/Threat Hunting/Malware Analysis. I am hoping to upload the following:
- Microsoft Defender Advanced Hunting Queries (KQL)
- Splunk Queries (SPL)
- Volatility Profiles (Linux)
- Python Scripts
- Others
These resources are public and available for use.
Future blog posts with guides, write-ups and how-tos will be found at https://ventdrop.github.io
Coming soon
Coming soon
Coming soon
Created using the method described in the following blog post: https://andreafortuna.org/2019/08/22/how-to-generate-a-volatility-profile-for-a-linux-system/
CentOS 7 / Red Hat Enterprise Linux (RHEL) 7.9
- CentOS_3.10.0-1160.105.1.el7.x86_64.zip
Coming soon