Rpot: Real-time Packet Observation Tool
Stars: ✭ 38 (-75.16%)

Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (-56.86%)

Awesome Yara: A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+811.11%)

Signature Base: Signature base for my scanner tools
Stars: ✭ 1,212 (+692.16%)

Yara Rules: A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Stars: ✭ 206 (+34.64%)

Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (+186.93%)

Threathunt: ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (-39.87%)

Apkid: Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Stars: ✭ 999 (+552.94%)

Malware Ioc: Indicators of Compromise (IOC) of our various investigations
Stars: ✭ 955 (+524.18%)

Didierstevenssuite: Please no pull requests for this repository. Thanks!
Stars: ✭ 856 (+459.48%)

Balbuzard: Balbuzard is a package of malware analysis tools in Python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc.). It can also crack malware obfuscation such as XOR, ROL, etc. by brute-forcing and checking for those patterns.
Stars: ✭ 70 (-54.25%)

Dovehawk: Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Stars: ✭ 97 (-36.6%)

Yeti: Your Everyday Threat Intelligence
Stars: ✭ 1,037 (+577.78%)

Threathunting Spl: Splunk code (SPL) useful for serious threat hunters.
Stars: ✭ 117 (-23.53%)

Beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+537.91%)

Hunting Mindmaps: 🔍 Mindmaps for threat hunting - work in progress.
Stars: ✭ 86 (-43.79%)

Besafe: BeSafe is a robust threat analyzer which helps you protect your desktop environment and know what's happening around you
Stars: ✭ 21 (-86.27%)
Threatbus: 🚌 The missing link to connect open-source threat intelligence tools.
Stars: ✭ 139 (-9.15%)

Apullo: A scanner for taking basic fingerprints
Stars: ✭ 22 (-85.62%)

Sysmon Modular: A repository of sysmon configuration modules
Stars: ✭ 1,229 (+703.27%)

Yargen: yarGen is a generator for YARA rules
Stars: ✭ 795 (+419.61%)

Bluespawn: An Active Defense and EDR software to empower Blue Teams
Stars: ✭ 737 (+381.7%)

Plyara: Parse YARA rules and operate over them more easily.
Stars: ✭ 108 (-29.41%)

Lw Yara: Yara ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies
Stars: ✭ 78 (-49.02%)

Manalyze: A static analyzer for PE executables.
Stars: ✭ 701 (+358.17%)

Malware Feed: Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (-54.9%)

Binaryalert: BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
Stars: ✭ 1,125 (+635.29%)

Walkoff Apps: WALKOFF-enabled applications. #nsacyber
Stars: ✭ 125 (-18.3%)

Yarasigs: Various Yara signatures (possibly to be included in a release later).
Stars: ✭ 59 (-61.44%)

Detections: This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant YARA rules and IDS signatures to detect these indicators.
Stars: ✭ 95 (-37.91%)

Pecli: CLI tool to analyze PE files
Stars: ✭ 46 (-69.93%)

Intelowl: Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+1281.7%)

Patrowlhears: PatrowlHears - Vulnerability Intelligence Center / Exploits
Stars: ✭ 89 (-41.83%)

Binjadock: An extendable, tabbed, dockable UI widget plugin for BinaryNinja https://binary.ninja.
Stars: ✭ 34 (-77.78%)
Operation Wocao: Operation Wocao - Indicators of Compromise
Stars: ✭ 29 (-81.05%)

Teler: Real-time HTTP Intrusion Detection
Stars: ✭ 1,248 (+715.69%)

Iocs: IoCs, PCREs, YARA rules, etc.
Stars: ✭ 15 (-90.2%)

Oriana: Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (-0.65%)

Holmes Totem: Investigation Planner for fast-running analysis with predictable execution time. For example, static analysis.
Stars: ✭ 25 (-83.66%)

Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+382.35%)

Sentinel Attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+341.83%)

Ghidra scripts: Scripts for the Ghidra software reverse engineering suite.
Stars: ✭ 732 (+378.43%)

Mthc: All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (-12.42%)

Yara Endpoint: Yara-Endpoint is a tool useful for incident response as well as an anti-malware endpoint based on Yara signatures.
Stars: ✭ 75 (-50.98%)

Analyzer: 🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more
Stars: ✭ 108 (-29.41%)

Masc: A Web Malware Scanner
Stars: ✭ 74 (-51.63%)

Auditd Attack: A Linux Auditd rule set mapped to MITRE's ATT&CK Framework
Stars: ✭ 642 (+319.61%)

Klara: Kaspersky's GReAT KLara
Stars: ✭ 565 (+269.28%)

Ioc Explorer: Explore Indicators of Compromise Automatically
Stars: ✭ 73 (-52.29%)

Bearded Avenger: CIF v3 -- the fastest way to consume threat intelligence
Stars: ✭ 152 (-0.65%)

Opensquat: Detection of phishing domains and domain squatting. Supports permutations such as homograph attacks, typosquatting and bitsquatting.
Stars: ✭ 149 (-2.61%)