A repository documenting API functions mapped to security events across diverse platforms
☆74 · Nov 1, 2019 · Updated 6 years ago
Alternatives and similar repositories for API-To-Event
Users interested in API-To-Event are also comparing it to the repositories listed below.
- A repository that maps API calls to Sysmon Event IDs. (☆121 · Nov 14, 2022 · updated 3 years ago)
- Useful access control entries (ACEs) on the system access control list (SACL) of securable objects to find potential adversarial activity. (☆95 · Feb 2, 2022 · updated 4 years ago)
- SilkETW & SilkService (☆40 · Aug 14, 2019 · updated 6 years ago)
- A collection of threat intelligence data such as IOCs, YARA rules and Snort/Suricata rules. (☆10 · Sep 17, 2019 · updated 6 years ago)
- https://github.com/ManhNho/AWAE-OSWE (☆11 · Aug 1, 2020 · updated 5 years ago)
- Open Source Security Events Metadata (OSSEM) (☆1,289 · Feb 27, 2023 · updated 3 years ago)
- EventList (☆377 · Mar 21, 2021 · updated 5 years ago)
- Still in dev mode (☆12 · Apr 24, 2018 · updated 7 years ago)
- YARA matching in Elasticsearch. (☆10 · Jun 12, 2018 · updated 7 years ago)
- TA505+ Adversary Simulation (☆64 · Nov 30, 2020 · updated 5 years ago)
- A set of Splunk workflow action definitions to export field values to CyberChef for further analysis. (☆13 · Jan 22, 2018 · updated 8 years ago)
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses. (☆115 · May 27, 2017 · updated 8 years ago)
- Windows Events Attack Samples (☆2,526 · Jan 24, 2023 · updated 3 years ago)
- Ansible scripts to build an attack box. (☆24 · Sep 24, 2018 · updated 7 years ago)
- Python script to access ATT&CK content available in STIX via a public TAXII server. (☆568 · Dec 19, 2025 · updated 3 months ago)
- Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK Evals datasets. (☆143 · Oct 12, 2020 · updated 5 years ago)
- Encyclopedia for Executables (☆474 · Nov 9, 2021 · updated 4 years ago)
- Joystick is a tool that gives you the ability to transform the ATT&CK Evaluations data into concise views that bring forward the nuances… (☆64 · Sep 13, 2023 · updated 2 years ago)
- Python module for running BOFs (☆80 · Nov 28, 2025 · updated 3 months ago)
- Domain user enumeration tool (☆216 · Nov 2, 2023 · updated 2 years ago)
- Re-play Security Events (☆1,728 · Mar 20, 2024 · updated 2 years ago)
- A community event for security researchers to share their favorite notebooks. (☆108 · Feb 15, 2024 · updated 2 years ago)
- Cloud templates and scripts to deploy Mordor environments. (☆129 · Mar 3, 2021 · updated 5 years ago)
- The Cloud Blocker (☆108 · Feb 16, 2025 · updated last year)
- Aggregation of Cobalt Strike's Aggressor scripts. (☆142 · Mar 31, 2018 · updated 7 years ago)
- Some PowerShell stuff (☆279 · Jun 15, 2022 · updated 3 years ago)
- GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects. (☆251 · Sep 26, 2020 · updated 5 years ago)
- A repository for using Windows Event Forwarding for incident detection and response. (☆1,300 · Sep 8, 2025 · updated 6 months ago)
- PoC for proxying COM objects when hijacking. (☆214 · Sep 10, 2019 · updated 6 years ago)
- Exercises for the C# Workshop at Wild West Hackin' Fest 2018 & 2019. (☆64 · Oct 28, 2019 · updated 6 years ago)
- Detect Tactics, Techniques & Combat Threats (☆2,269 · Jan 21, 2026 · updated 2 months ago)
- CScriptShell, a PowerShell host running within cscript.exe. (☆163 · Apr 11, 2017 · updated 8 years ago)
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly. (☆59 · Apr 1, 2022 · updated 3 years ago)
- Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs. (☆730 · Jan 21, 2020 · updated 6 years ago)
- Python3 script to parse txt files containing Mimikatz output. (☆99 · Jun 19, 2020 · updated 5 years ago)
- References for the FIRST CTI 2019 Symposium presentation. (☆23 · Mar 19, 2019 · updated 7 years ago)