https://github.com/outflanknl/RedELK
- Enhanced usability and overview for the red team operators by creating a central location where all relevant operational logs from multiple teamservers are collected and enriched. This is great for historic searching within the operation as well as giving a read-only view on the operation (e.g. for the White Team). Especially useful for multi-scenario, multi-teamserver, multi-member and multi-month operations. Also, super easy ways for viewing all screenshots, IOCs, keystrokes output, etc. \o/
- Spot the Blue Team by having a central location where all traffic logs from redirectors are collected and enriched. Using specific queries it's now possible to detect that the Blue Team is investigating your infrastructure.