SentineLabs / macos-ttps-yaraLinks
A ruleset to find potentially malicious code in macOS malware samples
☆40Updated last year
Alternatives and similar repositories for macos-ttps-yara
Users that are interested in macos-ttps-yara are comparing it to the libraries listed below
Sorting:
- Repository that contains a set of purposefully erroneous Yara rules.☆51Updated last year
- Rules shared by the community from 100 Days of YARA 2025☆33Updated 4 months ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆94Updated last year
- A zero dependency and customizable Python library for scanning Windows and Linux process memory.☆66Updated last year
- ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).☆112Updated 8 months ago
- Lightweight Python-Based Malware Analysis Pipeline☆34Updated 3 weeks ago
- ☆92Updated 2 weeks ago
- Rules Shared by the Community from 100 Days of YARA 2023☆76Updated 2 years ago
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.☆124Updated this week
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆60Updated 2 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆20Updated 4 years ago
- Convert Sigma rules to SIEM queries, directly in your browser.☆81Updated last week
- Detection Engineering with YARA☆87Updated last year
- This is a little plugin to copy disassembly in a way that is usable in YARA rules!☆45Updated last month
- A YARA & Malware Analysis Toolkit written in Rust.☆31Updated last week
- The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access…☆62Updated this week
- machofile is a module to parse Mach-O binary files☆51Updated last year
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆63Updated 2 years ago
- A home for detection content developed by the delivr.to team☆69Updated this week
- BlackBerry Threat Research & Intelligence☆98Updated last year
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK…☆165Updated 7 months ago
- ShellSweeping the evil.☆52Updated 11 months ago
- An LLM and OCR based Indicator of Compromise Extraction Tool☆33Updated 6 months ago
- pocket guide for core detection engineering concepts☆28Updated 2 years ago
- ☆141Updated 3 months ago
- A guide on how to write fast and memory friendly YARA rules☆144Updated 3 months ago
- FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use.☆55Updated last week
- YARA rule analyzer to improve rule quality and performance☆101Updated last month
- Elastic Security Labs releases☆66Updated 2 weeks ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates…☆64Updated 2 months ago