Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups
☆60Oct 28, 2022Updated 3 years ago
Alternatives and similar repositories for Abused-Legitimate-Services
Users that are interested in Abused-Legitimate-Services are comparing it to the libraries listed below
Sorting:
- ☆33Feb 26, 2022Updated 4 years ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆53Dec 21, 2021Updated 4 years ago
- Here are some tools I developed to help analyze malware☆11Nov 8, 2023Updated 2 years ago
- Repo that hold write-ups of various research projects I did and/or overall InfoSec things I investigated/researched.☆22Jan 5, 2025Updated last year
- ☆36Jan 11, 2023Updated 3 years ago
- ☆11Mar 12, 2021Updated 4 years ago
- Indicators of Normality☆11Jul 22, 2022Updated 3 years ago
- Threat Detection Rules (Snort/Sigma/Yara)☆14Jan 23, 2024Updated 2 years ago
- Repository for LNK stuff☆31Aug 31, 2022Updated 3 years ago
- hopefully a source-to-source deobfuscator, aiming at deobfuscating common scripts languages such as Powershell, VBA and Javascript. Curre…☆40Aug 17, 2019Updated 6 years ago
- Convert an IP into Alternative / Obfuscated versions of itself☆14Aug 13, 2022Updated 3 years ago
- ☆17Nov 28, 2021Updated 4 years ago
- Script to pull newly-registered domains and check for similarity against a provided word list.☆13Aug 2, 2020Updated 5 years ago
- Just Another broken Registry Parser (JARP)��☆16May 23, 2024Updated last year
- Parser for Sdba memory pool tags☆21Jul 16, 2021Updated 4 years ago
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV☆18Sep 3, 2024Updated last year
- Very loud vBulletin exploit☆14Aug 12, 2020Updated 5 years ago
- Library of threat hunts to get any user started!☆50Sep 4, 2020Updated 5 years ago
- Cobalt Strike Beacon configuration extractor and parser.☆159Oct 30, 2025Updated 4 months ago
- Network security visualization tool, showcasing live traffic between internal and external hosts in a real-time visualization.☆27Apr 11, 2023Updated 2 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- A python package that helps with analysis of MSI files☆14Mar 28, 2021Updated 4 years ago
- Get intelligence info (tags, mitre techniques, yara and more) and find similar malware in a fast and easy way☆19Jun 6, 2022Updated 3 years ago
- ☆96May 5, 2025Updated 10 months ago
- LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript☆345Sep 1, 2021Updated 4 years ago
- Collection of Slides From My Conference Talks☆20Nov 21, 2022Updated 3 years ago
- A collection of companies that disclose adversary TTPs after they have been breached☆289Nov 11, 2025Updated 3 months ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆45May 12, 2021Updated 4 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆74Jan 26, 2022Updated 4 years ago
- ☆18Mar 26, 2024Updated last year
- ☆21May 8, 2022Updated 3 years ago
- ☆18Apr 4, 2019Updated 6 years ago
- ☆22Jan 31, 2023Updated 3 years ago
- Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE☆33May 25, 2024Updated last year
- Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable…☆17May 18, 2021Updated 4 years ago
- Threat Box Assessment Tool☆19Aug 15, 2021Updated 4 years ago
- ☆33Oct 25, 2021Updated 4 years ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆117Feb 9, 2022Updated 4 years ago
- This aggressor script uses a beacon's note field to indicate the health status of a beacon.☆141Sep 29, 2021Updated 4 years ago