SentineLabs / macos-ttps-yaraLinks
A ruleset to find potentially malicious code in macOS malware samples
☆40Updated 2 years ago
Alternatives and similar repositories for macos-ttps-yara
Users that are interested in macos-ttps-yara are comparing it to the libraries listed below
Sorting:
- Rules shared by the community from 100 Days of YARA 2025☆35Updated 7 months ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆94Updated last year
- Repository that contains a set of purposefully erroneous Yara rules.☆58Updated last month
- ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).☆116Updated 11 months ago
- A zero dependency and customizable Python library for scanning Windows and Linux process memory.☆66Updated last year
- Examine Chrome extensions for security issues☆85Updated 2 weeks ago
- An LLM and OCR based Indicator of Compromise Extraction Tool☆34Updated 8 months ago
- machofile is a module to parse Mach-O binary files☆87Updated 3 weeks ago
- Rules Shared by the Community from 100 Days of YARA 2023☆78Updated 2 years ago
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK…☆164Updated 10 months ago
- My very personal and opinionatedly organized infosec/cybersec sources in one OPML file☆57Updated 2 years ago
- Repository of tools and resources for analyzing Docker containers☆67Updated last year
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆20Updated 4 years ago
- Linux #rootkit and #malware revealer☆26Updated last year
- SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w…☆54Updated 8 months ago
- Convert Sigma rules to SIEM queries, directly in your browser.☆94Updated this week
- ☆94Updated 3 weeks ago
- HASH (HTTP Agnostic Software Honeypot)☆137Updated last year
- A tool to use novel locations to extract metadata from Office documents.☆63Updated 2 years ago
- Forensic Artifact Collection Tool for macOS☆113Updated last month
- pocket guide for core detection engineering concepts☆30Updated 2 years ago
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac…☆150Updated 11 months ago
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them☆33Updated 2 months ago
- ☆17Updated 2 months ago
- ☆47Updated 5 months ago
- When good OAuth apps go rogue. Documents observed OAuth application tradecraft☆77Updated 2 months ago
- Intel Retrieval Augmented Generation (RAG) Utilities☆90Updated last year
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆65Updated 3 years ago
- The core backend server handling API requests and task management☆45Updated last week
- Detection Engineering with YARA☆87Updated last year