zeek-docs: Documentation for Zeek
Stars: ✭ 41 (+215.38%)
decrypticon: Java-layer Android Malware Simplifier
Stars: ✭ 17 (+30.77%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (+146.15%)
Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (+2053.85%)
YAFRA: YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (+69.23%)
Virustotal: A simple command-line script to interact with the virustotal-api
Stars: ✭ 50 (+284.62%)
aparoid: Static and dynamic Android application security analysis
Stars: ✭ 62 (+376.92%)
Malware-Zoo: Hashes of infamous malware
Stars: ✭ 18 (+38.46%)
Norimaci: Norimaci is a simple and lightweight malware analysis sandbox for macOS
Stars: ✭ 37 (+184.62%)
nsm-attack: Mapping NSM rules to MITRE ATT&CK
Stars: ✭ 53 (+307.69%)
Security Onion: Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+22638.46%)
ssdc: ssdeep cluster analysis for malware files
Stars: ✭ 24 (+84.62%)
Malware Samples: A collection of malware samples caught by several honeypots I manage
Stars: ✭ 863 (+6538.46%)
TheHiveHooks: This is a python tool aiming to make using TheHive webhooks easier.
Stars: ✭ 22 (+69.23%)
Detectionlabelk: DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Stars: ✭ 273 (+2000%)
fastfinder: Incident Response - Fast suspicious file finder
Stars: ✭ 116 (+792.31%)
Hidden: Windows driver with usermode interface which can hide objects of file-system and registry, protect processes, etc.
Stars: ✭ 768 (+5807.69%)
angr-antievasion: Final project for the M.Sc. in Engineering in Computer Science at Università degli Studi di Roma "La Sapienza" (A.Y. 2016/2017).
Stars: ✭ 35 (+169.23%)
Vipermonkey: A VBA parser and emulation engine to analyze malicious macros.
Stars: ✭ 697 (+5261.54%)
r2yara: r2yara - Module for Yara using radare2 information
Stars: ✭ 30 (+130.77%)
Makin: makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore]
Stars: ✭ 645 (+4861.54%)
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+2061.54%)
Habomalhunter: HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.
Stars: ✭ 627 (+4723.08%)
Malware Samples: A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net
Stars: ✭ 565 (+4246.15%)
whohk: whohk, a powerful incident response tool for Linux. Incident response on Linux usually means running many tedious command lines to inspect each point of interest, sometimes with extra output formatting on top, which is unfriendly to people who are not very familiar with Linux commands. This tool collects the operations commonly used in Linux incident response, presents their output in a more readable format, and lets a single parameter replace the tedious, complex commands needed to check each point.
Stars: ✭ 260 (+1900%)
Funnel: Funnel is a lightweight yara-based feed scraper
Stars: ✭ 38 (+192.31%)
Lolbas: Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 3,810 (+29207.69%)
MurMurHash: This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Stars: ✭ 79 (+507.69%)
Attackdatamap: A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+1930.77%)
Apklab: Android Reverse-Engineering Workbench for VS Code
Stars: ✭ 470 (+3515.38%)
Linux.mirai: Leaked Linux.Mirai Source Code for Research/IoC Development Purposes
Stars: ✭ 466 (+3484.62%)
Pev: The PE file analysis toolkit
Stars: ✭ 422 (+3146.15%)
Malware analysis: Various snippets created during malware analysis
Stars: ✭ 413 (+3076.92%)
Evilize: Parses Windows event log files based on the SANS poster
Stars: ✭ 24 (+84.62%)
Fcl: FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Stars: ✭ 409 (+3046.15%)
mail to misp: Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Stars: ✭ 61 (+369.23%)
Ssma: SSMA - Simple Static Malware Analyzer [This project is not maintained anymore by me]
Stars: ✭ 388 (+2884.62%)
jitm: JITM is an automated tool to bypass the JIT Hooking protection on a .NET sample.
Stars: ✭ 27 (+107.69%)
Drakvuf Sandbox: DRAKVUF Sandbox - automated hypervisor-level malware analysis system
Stars: ✭ 384 (+2853.85%)
Kernel-dll-injector: Kernel-Mode Driver that loads a dll into every newly created process that loads the kernel32.dll module
Stars: ✭ 256 (+1869.23%)
malware-writeups: Personal research and publication on malware families
Stars: ✭ 104 (+700%)
Kuiper: Digital Forensics Investigation Platform
Stars: ✭ 257 (+1876.92%)
S1EM: This project is a SIEM with SIRP and Threat Intel, all in one.
Stars: ✭ 270 (+1976.92%)
Threatpinchlookup: Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+1876.92%)
Adtimeline: Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (+1838.46%)
Malware Jail: Sandbox for semi-automatic JavaScript malware analysis, deobfuscation and payload extraction. Written for Node.js
Stars: ✭ 349 (+2584.62%)
HomebrewOverlay: Browser extension adware (showHomebrewOverlayOuter)
Stars: ✭ 52 (+300%)
bazaar: Android security & privacy analysis for the masses
Stars: ✭ 191 (+1369.23%)
SSHapendoes: Capture passwords of login attempts on non-existent and disabled accounts.
Stars: ✭ 31 (+138.46%)
VanillaWindowsReference: A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version, to compare and see what has been added with each update.
Stars: ✭ 24 (+84.62%)
xLogger: Simple Windows API logger
Stars: ✭ 62 (+376.92%)
Flare Vm: No description or website provided.
Stars: ✭ 3,201 (+24523.08%)
MalScan: A simple PE file heuristics scanner
Stars: ✭ 41 (+215.38%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (+407.69%)