Alternatives and similar repositories for Bluekeep-Detection-Rule

Users that are interested in Bluekeep-Detection-Rule are comparing it to the libraries listed below

• jonny-jhnson / Detecting-Process-Injection-Techniques
  This is a repository that is meant to hold detections for various process injection techniques.
  ☆34Updated 5 years ago
• 0xrawsec / gene-rules
  ☆41Updated 2 years ago
• DamonMohammadbagher / ETWNetMonv3
  ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Ima…
  ☆40Updated 2 years ago
• jorritfolmer / EDRevals
  Splunk app to compare Endpoint Detection and Response solutions based on MITRE ATT&CK evaluations (APT3, APT29, Carbanak + FIN7, Wizard S…
  ☆19Updated 2 years ago
• markuskont / pikksilm
  Look into EDR events from network
  ☆23Updated 3 months ago
• robwillisinfo / Invoke-Decoder
  Invoke-Decoder – A PowerShell script to decode/deobfuscate malware samples
  ☆19Updated 5 years ago
• tevora-threat / atomic_red_team_gui
  Windows GUI/Execution Engine for Atomic Red Team Atomics
  ☆35Updated 5 years ago
• SIFalcon / Detection
  ☆22Updated 2 years ago
• tsale / TA_tooling
  ☆10Updated 2 years ago
• TarlogicSecurity / sepriv
  Tool to manage user privileges
  ☆29Updated 5 years ago
• JPCERTCC / QuasarRAT-Analysis
  QuasarRAT analysis tools and research report
  ☆27Updated last year
• activeshadow / go-atomicredteam
  go-atomicredteam is a Golang application to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team project (https…
  ☆49Updated 2 years ago
• Immersive-Labs-Sec / BruteRatel-DetectionTools
  A collection of Tools and Rules for decoding Brute Ratel C4 badgers
  ☆64Updated 3 years ago
• DfirJos / CnC-detection
  Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation
  ☆16Updated 6 years ago
• StefanKelm / yara-rules
  Links to malware-related YARA rules
  ☆15Updated 2 years ago
• tasox / Epimitheus
  Epimitheus is a tool that uses graphical database Neo4j for Windows Events visualization.
  ☆19Updated 3 years ago
• limbenjamin / LogServiceCrash
  POC code to crash Windows Event Logger Service
  ☆27Updated 4 years ago
• alphaSeclab / malware-ioc-hash
  Collection of malware ioc hashes from blog posts. A Python script is provided to search through it.
  ☆17Updated 4 years ago
• shabarkin / pointer
  Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.
  ☆67Updated 3 years ago
• refractionPOINT / limacharlie
  Old home of LimaCharlie, open source EDR
  ☆31Updated last year
• airzero24 / Atlas
  Lightweight C# windows agent for Apfell
  ☆17Updated 5 years ago
• jnqpblc / Misc-PowerShell
  Miscellaneous PowerShell scripts for red team activities
  ☆16Updated 9 months ago
• synacktiv / AMSI-Bypass
  Lists of AMSI triggers (VBA, JScript / VBScript)
  ☆33Updated 6 years ago
• am0nsec / MCGC
  Minimalist Custom .NET Core Garbage Collector
  ☆21Updated 5 years ago
• 0xthirteen / CleanRunMRU
  Get or remove RunMRU values
  ☆57Updated 5 years ago
• dtrizna / SysmonRNN
  All necessary code in order to feed Sysmon data into Recurrent Neural Network
  ☆17Updated 5 years ago
• agreenjay / sysmon
  A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data
  ☆39Updated 5 years ago
• fashionproof / CheckSafeBoot
  I used this to see if an EDR is running in Safe Mode
  ☆37Updated 4 years ago
• v1ado / HIPS_LIPS
  Community maintained list of most popular HIPS service and process names on a Windows Platform.
  ☆43Updated 3 years ago
• icebearfriend / Quickrundown
  Smart overlay for Cobalt Strike PS function
  ☆31Updated 6 years ago