Short: a Red Team’s SIEM.
Longer: a Red Team’s SIEM that serves two main goals:
RedELK is built on the standard Elastic Stack components: Filebeat (log shipping), Logstash (filtering), Elasticsearch (storage) and Kibana (viewing).
Rsync performs a second, separate sync of teamserver data (logs, keystrokes, screenshots, etc.). Nginx handles authentication in front of Kibana and also serves the screenshots, beacon logs and keystrokes directly in the operator's browser.
A set of Python scripts handles the heavy enrichment of the log data and implements the Blue Team detection.