Automated detection rule analysis utility
☆28Sep 22, 2022Updated 3 years ago
Alternatives and similar repositories for dredd
Users that are interested in dredd are comparing it to the libraries listed below
Sorting:
- Network timing evaluation used to detect beacons, works with argus flow as the source☆20May 4, 2016Updated 9 years ago
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.☆54Jul 13, 2023Updated 2 years ago
- ☆20May 10, 2023Updated 2 years ago
- ☆39Feb 12, 2020Updated 6 years ago
- ☆19Apr 13, 2022Updated 3 years ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆65Aug 23, 2023Updated 2 years ago
- A test case runner for Sigma rules☆14Aug 14, 2024Updated last year
- ☆20Feb 22, 2021Updated 5 years ago
- VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities a…☆1,554Mar 12, 2026Updated last week
- POC for utilizing wikipedia API for Command and Control☆28Dec 8, 2022Updated 3 years ago
- 🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here …☆72Apr 3, 2024Updated last year
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆791Mar 14, 2026Updated last week
- 🛡️ VIPER: Stay ahead of threats with AI-driven vulnerability intelligence. Prioritize CVEs effectively using NVD, EPSS, CISA KEV, and Go…☆87Aug 13, 2025Updated 7 months ago
- An offensive toolkit for restless guests #DEFCON33☆53Aug 11, 2025Updated 7 months ago
- Credential Dumper☆79Feb 19, 2020Updated 6 years ago
- Compilation of resources to help with Adversary Simulation automation harness☆100Aug 7, 2020Updated 5 years ago
- Microsoft decompiled IrDA drivers☆16Apr 15, 2015Updated 10 years ago
- STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling☆33Dec 9, 2024Updated last year
- Data and structures regarding the research done on WdFilter☆12Apr 15, 2020Updated 5 years ago
- String extraction and classification tool for binary files, designed to extract only the strings that can be considered relevant (i.e. no…☆11Aug 9, 2020Updated 5 years ago
- ATT&CK Remote Threat Hunting Incident Response☆206Dec 8, 2024Updated last year
- an excel-centric approach for the MITRE ATT&CK® Tactics and Techniques☆187May 5, 2022Updated 3 years ago
- C# utility that uses WMI to run "cmd.exe /c netstat -n", save the output to a file, then use SMB to read and delete the file remotely☆38Jan 3, 2020Updated 6 years ago
- Petaq - Purple Team Command & Control Server☆105Dec 8, 2022Updated 3 years ago
- Automatically exported from code.google.com/p/guardlite☆11Jul 2, 2015Updated 10 years ago
- Repository resource threat intelligence for SOC☆10Sep 14, 2018Updated 7 years ago
- Threat hunting repo for my independent study on threat hunting with OSQuery☆27Jan 16, 2018Updated 8 years ago
- A mini project to exfiltrate data via QR codes☆19Dec 5, 2025Updated 3 months ago
- Threat Hunting & Incident Investigation with Osquery☆216Mar 30, 2022Updated 3 years ago
- Blog/Journal on how to backdoor VSCode extensions☆78Feb 24, 2026Updated 3 weeks ago
- Some of example code that I have collected while learning☆10Sep 25, 2016Updated 9 years ago
- This repository contains attack chains generated by Aurora that can be reproduced in virtual environments.☆44Jan 25, 2026Updated last month
- nuke that event log using some epic dinvoke fu☆118May 12, 2021Updated 4 years ago
- pwncat windows c2 components☆22Jun 21, 2021Updated 4 years ago
- FOR508 Index - GCFA☆24May 19, 2018Updated 7 years ago
- POC for a race condition exploit using directory junctions in Windows☆17Apr 26, 2020Updated 5 years ago
- ☆33Oct 16, 2025Updated 5 months ago
- ☆10Dec 24, 2022Updated 3 years ago
- Threat Simulation Indexes☆39Jan 9, 2026Updated 2 months ago