Proofpoint - Emerging Threats - Threat Research tools + publicly shared intel and documentation
☆82Jan 28, 2026Updated last month
Alternatives and similar repositories for threatresearch
Users that are interested in threatresearch are comparing it to the libraries listed below
Sorting:
- Repository for scripts and tips for "Yara Scan Service"☆20Feb 19, 2023Updated 3 years ago
- Yara rules☆22Mar 27, 2023Updated 2 years ago
- BSidesLV 2015 Exploit Kit Analysis Workshop Files☆27Aug 5, 2015Updated 10 years ago
- Script to pull newly-registered domains and check for similarity against a provided word list.☆13Aug 2, 2020Updated 5 years ago
- Useful Windows and AD tools☆15Feb 20, 2022Updated 4 years ago
- Ursnif beacon decryptor☆27Mar 20, 2023Updated 2 years ago
- 🚧 Currently transfering TLP:CLEAR rules from TLP:AMBER repository...☆21Mar 22, 2024Updated last year
- PoC ActiveX SVG Document Execution☆21Nov 8, 2018Updated 7 years ago
- ☆21Apr 19, 2024Updated last year
- Simple IP enrichment service and API wrapping PyASN and MaxMind GeoIP.☆71Dec 8, 2022Updated 3 years ago
- Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed …☆21Jun 8, 2015Updated 10 years ago
- ☆16Dec 26, 2022Updated 3 years ago
- 进程内优雅地拦截SPI/LSP模块。 Manage SPI/LSP in a graceful way within private process.☆11Dec 28, 2017Updated 8 years ago
- Volatility plugin for extracts configuration data of known malware☆495Dec 22, 2023Updated 2 years ago
- CLI tool to compute the TypeRefHash for .NET binaries.☆19Nov 10, 2021Updated 4 years ago
- The following repository contains a modified version of SUNBURST with cracekd hashes, comments and annotations.☆56Dec 23, 2020Updated 5 years ago
- Emulates the VirusTotal "vt" YARA module for livehunt rule debugging/testing☆24May 29, 2023Updated 2 years ago
- Repository of tools, YARA rules, and code-snippets from Stairwell's research team.☆23Jan 31, 2024Updated 2 years ago
- ☆11Apr 25, 2021Updated 4 years ago
- ☆59May 1, 2019Updated 6 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆53Mar 16, 2018Updated 7 years ago
- Extract GUIDs from .NET assemblies☆21Jun 15, 2016Updated 9 years ago
- Proof of concept communications from C# via a web browser process☆21Feb 15, 2019Updated 7 years ago
- Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.☆69Nov 11, 2023Updated 2 years ago
- SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w…☆150Sep 22, 2023Updated 2 years ago
- A collection of scripts for dealing with Cobalt Strike beacons in Python☆169Jan 5, 2021Updated 5 years ago
- ☆23Jun 1, 2023Updated 2 years ago
- Providing timelines based on OSINT Reports☆31Jun 21, 2023Updated 2 years ago
- DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted …☆340Feb 7, 2025Updated last year
- PoC: process watcher patterns to make killing a process hard.☆11Aug 1, 2018Updated 7 years ago
- \ PowerAvails Powershell /☆10Jun 30, 2018Updated 7 years ago
- ☆12Aug 12, 2016Updated 9 years ago
- Kippo configured to be a backdoored netscreen☆11Dec 22, 2015Updated 10 years ago
- A simple useless rootkit for the linux kernel. It is a kernel module which hooks up the open() syscall (or potentially any syscall) to re…☆12Mar 13, 2016Updated 9 years ago
- ☆12Feb 24, 2023Updated 3 years ago
- Solutions for various crackmes☆20Jan 13, 2013Updated 13 years ago
- Anything related to Ghidra☆12Apr 22, 2019Updated 6 years ago
- ☆12May 22, 2018Updated 7 years ago
- multiduplicut : optimize wordlists-based password cracking methods chaining☆16Feb 25, 2022Updated 4 years ago