Indicators of compromise from analysis and research by the Nextron Threat Research team
☆12; Sep 17, 2025; updated 6 months ago
Alternatives and similar repositories for iocs
Users that are interested in iocs are comparing it to the libraries listed below
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition (☆66; Aug 10, 2022; updated 3 years ago)
- SQL, IIS, Oh My... (☆22; Feb 24, 2025; updated last year)
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces! (☆82; Jun 28, 2023; updated 2 years ago)
- (no description) (☆33; Feb 26, 2022; updated 4 years ago)
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction (☆87; Mar 11, 2026; updated last week)
- (no description) (☆22; Dec 22, 2020; updated 5 years ago)
- Repository to handle issues with our free EDR agent Aurora Lite (☆28; Nov 9, 2023; updated 2 years ago)
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations. (☆37; Sep 19, 2017; updated 8 years ago)
- This repository contains supplemental items including IOCs, and signatures discussed in Huntress blogposts, and other media. (☆47; Feb 27, 2026; updated 3 weeks ago)
- Sigma detection rules for hunting with the threathunting-keywords project (☆58; Mar 2, 2025; updated last year)
- (no description) (☆17; Oct 13, 2025; updated 5 months ago)
- a tiny program to consume from ETW providers for research (☆54; Jan 4, 2025; updated last year)
- This is a repo for fetching Applocker event log by parsing the win-event log (☆31; Aug 6, 2022; updated 3 years ago)
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich (☆18; Jun 29, 2024; updated last year)
- This repo contains a list of vendors that hide their security advisories, alerts, notices, vulnerabilities, and more behind either a payw… (☆32; May 11, 2024; updated last year)
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch. (☆12; Jun 23, 2025; updated 8 months ago)
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db. (☆44; Jul 18, 2022; updated 3 years ago)
- Tool that gathers a customizable set of ETW telemetry and generates user-defined detections (☆47; Jan 28, 2026; updated last month)
- Scans the filesystem for directories that are user-writeable (☆13; Jun 21, 2021; updated 4 years ago)
- pySigma Splunk backend (☆41; Mar 15, 2026; updated last week)
- A tool to start programs with admin rights. (☆16; Nov 18, 2025; updated 4 months ago)
- (no description) (☆15; Sep 24, 2024; updated last year)
- Base class for Jupyter Data Integrations (☆11; Feb 11, 2026; updated last month)
- (no description) (☆23; Nov 29, 2023; updated 2 years ago)
- (no description) (☆14; Feb 12, 2025; updated last year)
- Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files (☆31; Jun 15, 2022; updated 3 years ago)
- Convert Sigma rules to LogRhythm searches (☆23; Feb 27, 2022; updated 4 years ago)
- Placeholder for my detection repo and misc detection engineering content (☆42; Oct 20, 2023; updated 2 years ago)
- Implementation of Silvio Cesare's text infection technique (☆10; Jan 5, 2018; updated 8 years ago)
- An opensource sigma conversion tool built using pysigma (☆163; Feb 9, 2026; updated last month)
- The book and code repo for the FREE Fundamental C++ book by Kevin Thomas. (☆20; Nov 26, 2025; updated 3 months ago)
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation (☆92; Nov 3, 2025; updated 4 months ago)
- A pure PowerShell/ .NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis. (☆14; Oct 21, 2021; updated 4 years ago)
- HXTool is an extended user interface for the FireEye HX Endpoint product. HXTool can be installed on a dedicated server or on your physic… (☆86; Jun 27, 2024; updated last year)
- A pySigma wrapper to manage detection rules. (☆45; Mar 9, 2026; updated last week)
- Hundred Days of Yara Challenge (☆12; Jun 21, 2022; updated 3 years ago)
- A proof-of-concept re-assembler for reverse VNC traffic. (☆24; May 21, 2023; updated 2 years ago)
- Official Website Of The Sigma Project (☆23; Feb 16, 2026; updated last month)
- A tool that adds reproducible UUIDs to YARA rules (☆13; Apr 24, 2024; updated last year)