A comprehensive cybersecurity education platform featuring in-depth research, hands-on labs, and detection strategies across multiple security domains
Visit the full educational site: https://a7t0fwa7.github.io/The-Greys/
The Greys is a growing collection of cybersecurity educational content designed for security professionals, researchers, and enthusiasts. Each series provides:
- In-depth article series covering complete attack lifecycles
- Working code samples for hands-on learning
- Detection rules (Sigma, Sysmon, PowerShell, EDR)
- Lab exercises with safe testing environments
- Real-world scenarios and case studies
- Defensive strategies for blue teams
This platform covers multiple cybersecurity domains:
- Attack Techniques - Understanding how attacks work
- Detection & Hunting - Finding threats in your environment
- Incident Response - Responding to security incidents
- OPSEC & Evasion - Advanced adversary techniques
- Tool Development - Building security tools
- Forensics & Analysis - Investigating security events
Series 1: BYOPH - Windows Protocol Handler Attacks

Status: Complete (7 parts) | Level: Intermediate | Platform: Windows

A comprehensive deep dive into Windows protocol handler attacks, from basic concepts to advanced evasion techniques.
What You'll Learn:
- How Windows protocol handlers work (mailto:, zoom://, custom schemes)
- Attack techniques and persistence mechanisms
- Detection and threat hunting strategies
- Incident response procedures
- Advanced OPSEC and evasion techniques
Resources:
- 7-part article series
- Code samples & handlers
- Detection rules (Sigma, Sysmon, PowerShell)
- Lab exercises with cleanup scripts
Series 2: Advanced Phishing Techniques (Planned)
- Email security and analysis
- Link obfuscation techniques
- Credential harvesting detection
- Anti-phishing strategies
Series 3: PowerShell Security (Planned)
- Script analysis and deobfuscation
- PowerShell logging and monitoring
- Offensive PowerShell techniques
- Detection and response
Series 4: Malware Analysis Fundamentals (Planned)
- Static and dynamic analysis
- Reverse engineering basics
- Sandbox evasion techniques
- Behavioral analysis
Series 5: Threat Hunting Methodologies (Planned)
- Hypothesis-driven hunting
- Data source analysis
- Tool development
- Hunt documentation
Want to see a specific topic? Open an issue with your suggestion!
Visit The Greys Education Hub to browse all content with an easy-to-navigate interface.
Prerequisites:
- Windows 10/11 VM (isolated!)
- Visual Studio Build Tools (optional)
- Text editor
Quick Test:
```cmd
:: 1. Create a VM snapshot first!
:: 2. Register the test handler (no admin needed; writes to HKCU only)
regedit /s Articles/github-readme/BYOPH/samples/registration/register_notepad_hkcu.reg
:: 3. Test it
start sample://hello-world
:: 4. Clean up
regedit /s Articles/github-readme/BYOPH/samples/registration/unregister_sample_hkcu.reg
```

Repository Structure:

```
The-Greys/
├── Articles/
│   ├── articles/
│   │   ├── BYOPH/              # Series 1: Protocol handlers
│   │   ├── Phishing/           # Series 2: (Coming soon)
│   │   └── PowerShell/         # Series 3: (Coming soon)
│   ├── diagrams/               # Visual attack flows
│   └── github-readme/
│       └── BYOPH/samples/      # Code samples & detection
├── _config.yml                 # Jekyll configuration
├── _layouts/                   # Custom layouts
├── _pages/                     # Site pages
│   ├── articles.md             # All series index
│   ├── samples.md              # Code samples
│   └── detection.md            # Detection rules
├── index.md                    # Homepage
├── GITHUB_PAGES_SETUP.md       # Setup instructions
└── ADDING_CONTENT_GUIDE.md     # Content creation guide
```
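The quick test above registers a `sample://` scheme under HKCU, and the blue-team guidance below recommends establishing baselines. The following PowerShell is an added example for this README, not part of the repository's own samples or detection rules: it enumerates every URI scheme registered for the current user (the `URL Protocol` value is what makes ShellExecute treat a class key as a scheme), saves that list as a baseline, and reports handlers that were added, removed, or re-pointed afterwards. The function names `Get-UserProtocolHandler`, `Save-ProtocolHandlerBaseline` and `Compare-ProtocolHandlerBaseline` are hypothetical; it assumes Windows PowerShell 5.1 or PowerShell 7 on Windows.

```powershell
# Added example for this README (not from the repository). Function names are hypothetical.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows.

function Get-UserProtocolHandler {
    <#
      Lists URI schemes registered under a Classes hive (HKCU by default).
      ShellExecute only dispatches a class key as a URI scheme when the key
      carries the 'URL Protocol' value, so that value is the discriminator.
    #>
    [CmdletBinding()]
    param([string]$ClassesPath = 'HKCU:\Software\Classes')

    Get-ChildItem -Path $ClassesPath -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_   # Microsoft.Win32.RegistryKey returned by the registry provider
        if ($key.GetValueNames() -contains 'URL Protocol') {
            # The command that runs when the scheme is launched lives at shell\open\command.
            $cmdKey  = $key.OpenSubKey('shell\open\command')
            $command = if ($null -ne $cmdKey) { $cmdKey.GetValue('') } else { $null }
            [pscustomobject]@{
                Scheme  = $key.PSChildName
                Command = $command
                Key     = $key.Name
            }
        }
    }
}

function Save-ProtocolHandlerBaseline {
    # Persists the current handler list so later runs can be diffed against it.
    param([Parameter(Mandatory)][string]$Path)
    Get-UserProtocolHandler | Export-Clixml -Path $Path
}

function Compare-ProtocolHandlerBaseline {
    # Reports schemes added, removed, or re-pointed since the saved baseline.
    param([Parameter(Mandatory)][string]$Path)
    $baseline = @(Import-Clixml -Path $Path)
    $current  = @(Get-UserProtocolHandler)

    # Hashtable keys are case-insensitive, matching registry key name semantics.
    $before = @{}; foreach ($h in $baseline) { $before[$h.Scheme] = $h.Command }
    $after  = @{}; foreach ($h in $current)  { $after[$h.Scheme]  = $h.Command }

    foreach ($scheme in $after.Keys) {
        if (-not $before.ContainsKey($scheme)) {
            [pscustomobject]@{ Change = 'Added';   Scheme = $scheme; Command = $after[$scheme] }
        } elseif ($before[$scheme] -ne $after[$scheme]) {
            [pscustomobject]@{ Change = 'Changed'; Scheme = $scheme; Command = $after[$scheme] }
        }
    }
    foreach ($scheme in $before.Keys) {
        if (-not $after.ContainsKey($scheme)) {
            [pscustomobject]@{ Change = 'Removed'; Scheme = $scheme; Command = $before[$scheme] }
        }
    }
}

# Typical use around the quick test:
#   Save-ProtocolHandlerBaseline -Path "$env:TEMP\handlers-baseline.xml"   # before step 2
#   ...run the register .reg from the quick test, then the unregister .reg...
#   Compare-ProtocolHandlerBaseline -Path "$env:TEMP\handlers-baseline.xml" | Format-Table -AutoSize
```

Run the comparison after step 2 and the `sample` scheme shows up as `Added` with its `shell\open\command` value; after step 4 it is gone again. The same function covers machine-wide registrations with `Get-UserProtocolHandler -ClassesPath 'HKLM:\Software\Classes'`; per-user HKCU entries take precedence over HKLM for that user, which is why a per-user baseline is worth keeping separately from the machine one.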
For Blue Teams (Defenders):
- Start with detection - Review detection rules and hunting queries
- Understand the threats - Read attack technique articles
- Deploy monitoring - Implement Sigma rules and Sysmon configs
- Practice hunting - Run queries in your environment
- Establish baselines - Document normal behavior
Recommended Series: BYOPH (detection focus), Threat Hunting (coming soon)
For Red Teams (Authorized Offensive Testing):
- Learn the techniques - Complete full article series
- Practice in labs - Set up isolated environments
- Understand OPSEC - Study evasion and detection avoidance
- Get authorization - Always obtain proper permissions
- Document findings - Help improve defensive posture
Recommended Series: BYOPH (complete series), Advanced OPSEC (coming soon)
For Security Researchers:
- Deep dive into topics - Study complete attack chains
- Experiment safely - Build custom tools and techniques
- Develop detections - Create new detection methods
- Share responsibly - Contribute findings to the community
- Collaborate - Work with others on research
Recommended Series: All series, contribute new research
For SOC Analysts and Incident Responders:
- Focus on detection - Master detection rules and alerts
- Learn attack patterns - Understand adversary techniques
- Practice investigation - Work through incident scenarios
- Build playbooks - Create response procedures
- Continuous learning - Stay updated on new techniques
Recommended Series: BYOPH (detection), Incident Response (coming soon)
We welcome contributions from the security community!
Ways to Contribute:
- Submit new content - Write articles or create tutorials
- Share detection rules - Contribute Sigma rules, Sysmon configs
- Add code samples - Provide working examples and tools
- Report issues - Found a bug or error? Let us know
- Suggest topics - Request new series or content
- Improve documentation - Fix typos, clarify explanations

Read Contributing Guidelines →
This project is STRICTLY for educational and defensive purposes.

Permitted uses:
- Educational learning and research
- Authorized security testing with written permission
- Defensive security improvements
- Academic research and publication
- Security tool development for defense
Prohibited uses:
- Unauthorized access to systems or networks
- Malicious attacks or exploitation
- Testing without explicit authorization
- Illegal activities of any kind
- Harm to individuals or organizations
The author assumes no liability for misuse of this information. Always:
- Test only in isolated lab environments
- Obtain written authorization before testing production systems
- Follow responsible disclosure practices
- Comply with all applicable laws and regulations
This repository uses a dual-license approach:
All code, scripts, detection rules, and technical implementations are licensed under the MIT License.
See: LICENSE-CODE
All articles, documentation, diagrams, and educational materials are licensed under Creative Commons Attribution 4.0 International (CC BY 4.0).
See: LICENSE-CONTENT
| What | License | Can I use commercially? | Attribution required? |
|---|---|---|---|
| Code, Scripts, Detection Rules | MIT | Yes | Yes (retain the copyright and license notice) |
| Articles, Docs, Diagrams | CC BY 4.0 | Yes | Yes |
For detailed guidance: See LICENSING.md
Questions? Open an issue on GitHub
- GitHub: @a7t0fwa7
- Issues: Report bugs or request features
- Discussions: Join the conversation
- Star this repository to get notifications
- Watch for new content releases
- Follow for updates on new series
#Cybersecurity #InfoSec #BlueTeam #RedTeam #WindowsSecurity #ThreatHunting #BYOPH #SecurityResearch #PenTesting #IncidentResponse #Malware #Forensics #Detection #SIEM #EDR #SOC
- Series Published: 1 (BYOPH - Complete)
- Series Planned: 4+ (Phishing, PowerShell, Malware Analysis, Threat Hunting)
- Total Articles: 7+ (Growing)
- Detection Rules: Sigma, Sysmon, PowerShell, EDR
- Code Samples: Handlers, Scripts, Tools
- Lab Exercises: Multiple hands-on scenarios