Base modules of the Nemea system. This repository contains modules for export, replay, filtering, merging etc.
☆17 · Sep 30, 2025 · Updated 4 months ago
Alternatives and similar repositories for Nemea-Modules
Users that are interested in Nemea-Modules are comparing it to the libraries listed below
- Detection modules of the Nemea system. ☆21 · Mar 26, 2025 · Updated 11 months ago
- System for network traffic analysis and anomaly detection. ☆92 · Jul 11, 2025 · Updated 7 months ago
- IPFIX flow exporter with DPDK support capable of bi-directional flows, per-packet-information statistics, and extensibility via processin… ☆77 · Updated this week
- Testbed for testing NetFlow/IPFIX network monitoring probes. Includes tools for PCAP generation and replay of 1/10/100G network traffic. ☆56 · Jan 19, 2026 · Updated last month
- Deterministic and monitored traffic generation for inspecting and training traffic models ☆12 · Nov 19, 2024 · Updated last year
- Ansible role for Installing Nginx, compiling ModSecurity3, and installing the OWASP CRS v3 ruleset ☆11 · Mar 5, 2024 · Updated last year
- Two-Factor Email Provider for Nextcloud (future version, see state of the app). ☆17 · Updated this week
- Ansible Role - ISP Config 3 ☆25 · Dec 15, 2023 · Updated 2 years ago
- 2021 SANS DFIR Summit: Greppin' Logs ☆20 · Oct 30, 2025 · Updated 3 months ago
- My codes ☆25 · Jun 4, 2017 · Updated 8 years ago
- A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW. ☆31 · Feb 7, 2025 · Updated last year
- Source code for the paper: Adaptive Clustering-based Malicious Traffic Classification at the Network Edge (https://homepages.inf.ed.ac.uk… ☆37 · May 6, 2021 · Updated 4 years ago
- Our implementations of the flow-based network intrusion detection model (for the COMNET paper) ☆49 · May 17, 2020 · Updated 5 years ago
- remote process injections using pool party techniques ☆70 · Jun 29, 2025 · Updated 7 months ago
- IPFIXcol is an implementation of an IPFIX (RFC 7011) collector ☆66 · Mar 9, 2020 · Updated 5 years ago
- A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell ☆72 · Dec 21, 2022 · Updated 3 years ago
- Various scripts and codes ☆84 · Apr 23, 2021 · Updated 4 years ago
- Unsupervised deep learning framework with online(MLP: prediction-based, 1 D Conv and VAE: reconstruction-based, Wavenet: prediction-based… ☆128 · Dec 2, 2022 · Updated 3 years ago
- Active C&C Detector ☆156 · Oct 5, 2023 · Updated 2 years ago
- A simple, cross-platform utility to classify packets into flows using only the essential 4-tuple. ☆177 · Aug 12, 2025 · Updated 6 months ago
- kernel callback removal (Bypassing EDR Detections) ☆211 · Nov 14, 2025 · Updated 3 months ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes ☆209 · Dec 25, 2024 · Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆195 · Nov 27, 2024 · Updated last year
- An open standard for hashing network flows into identifiers, a.k.a "Community IDs". ☆195 · Sep 23, 2024 · Updated last year
- psexecsvc - a python implementation of PSExec's native service implementation ☆237 · Feb 11, 2025 · Updated last year
- Mikrotik friendly blacklist to filter all these damn hackers. ☆203 · Updated this week
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak ☆209 · Nov 12, 2025 · Updated 3 months ago
- CICFlowmeter-V4.0 (formerly known as ISCXFlowMeter) is a network traffic Bi-flow generator and analyzer for anomaly detection that has be… ☆195 · Sep 3, 2023 · Updated 2 years ago
- A set of programs for analyzing common vulnerabilities in COM ☆246 · Sep 8, 2024 · Updated last year
- KitNET is a lightweight online anomaly detection algorithm, which uses an ensemble of autoencoders. ☆251 · Mar 28, 2024 · Updated last year
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) ☆267 · Feb 3, 2022 · Updated 4 years ago
- The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of… ☆277 · Feb 2, 2021 · Updated 5 years ago
- A PowerShell console in C/C++ with all the security features disabled ☆354 · Oct 14, 2025 · Updated 4 months ago
- Incident Response collection and processing scripts with automated reporting scripts ☆321 · Jun 25, 2024 · Updated last year
- A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTA… ☆354 · Apr 26, 2025 · Updated 10 months ago
- A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring. ☆1,354 · Apr 1, 2024 · Updated last year
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC ☆423 · Sep 29, 2025 · Updated 4 months ago
- Forensics artefact collection tool for systems running Microsoft Windows ☆431 · Mar 26, 2025 · Updated 11 months ago
- A minimal firmware for OTA (over the air) flashing Tasmota, HAA, or ESPurna from Mongoose OS or compatible firmware types. ☆423 · Feb 16, 2023 · Updated 3 years ago