SentineLabs / macos-ttps-yaraLinks
A ruleset to find potentially malicious code in macOS malware samples
☆40Updated last year
Alternatives and similar repositories for macos-ttps-yara
Users that are interested in macos-ttps-yara are comparing it to the libraries listed below
Sorting:
- Rules shared by the community from 100 Days of YARA 2025☆34Updated 6 months ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆94Updated last year
- A zero dependency and customizable Python library for scanning Windows and Linux process memory.☆66Updated last year
- Repository that contains a set of purposefully erroneous Yara rules.☆58Updated 2 weeks ago
- machofile is a module to parse Mach-O binary files☆79Updated this week
- ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).☆115Updated 10 months ago
- ☆146Updated 2 months ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆20Updated 4 years ago
- An LLM and OCR based Indicator of Compromise Extraction Tool☆34Updated 8 months ago
- A minimal malware analysis sandbox for macOS☆31Updated 2 years ago
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK…☆164Updated 9 months ago
- Forensic Artifact Collection Tool for macOS☆112Updated last week
- This is a little plugin to copy disassembly in a way that is usable in YARA rules!☆46Updated 3 months ago
- pocket guide for core detection engineering concepts☆29Updated 2 years ago
- macOS .DS_Store Parser☆67Updated 3 years ago
- Mapping XProtect's obfuscated malware family names to common industry names.☆86Updated last year
- Convert Sigma rules to SIEM queries, directly in your browser.☆92Updated last week
- A cross platform parser for Apple UnifiedLogs!☆264Updated this week
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆65Updated 2 years ago
- Track progress and keep notes while working through likethecoins' CTI Self Study Plan☆28Updated 2 years ago
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.☆139Updated this week
- Repository of tools and resources for analyzing Docker containers☆66Updated last year
- FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use.☆57Updated 2 months ago
- ☆94Updated 2 months ago
- Memory Forensic System on Cloud☆90Updated last year
- ☆45Updated 4 months ago
- An index of publicly available and open-source threat detection rulesets.☆120Updated 3 months ago
- C2 Active Scanner☆59Updated last year
- ☆41Updated 8 months ago
- ☆17Updated last month