SentineLabs / macos-ttps-yara
A ruleset to find potentially malicious code in macOS malware samples
☆39 · Updated last year
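As an added illustration of the kind of TTP-oriented rule such a ruleset contains (this is an editor's example, not a rule from the macos-ttps-yara repository; the rule name, strings and thresholds are illustrative assumptions), the rule below matches a Mach-O or fat binary that embeds an AppleScript `do shell script` or `osascript` invocation together with a `curl` download, a behaviour common to macOS droppers and stagers:

```yara
// Illustrative rule, not from the macos-ttps-yara repository.
// Flags a Mach-O or universal (fat) binary that embeds an AppleScript
// "do shell script" / osascript invocation together with a curl download.
rule macos_applescript_shell_download_example
{
    meta:
        description = "Mach-O embedding osascript 'do shell script' plus curl (example rule)"
        author      = "editor example, not from the repo"
        reference   = "Mach-O magic values from <mach-o/loader.h> and <mach-o/fat.h>"

    strings:
        $osa1 = "do shell script" ascii
        $osa2 = "osascript" ascii
        $dl1  = "curl -" ascii
        $dl2  = "/usr/bin/curl" ascii

    condition:
        // Thin Mach-O: 32/64-bit, little- or big-endian, as laid out on disk.
        (
            uint32be(0) == 0xCEFAEDFE or   // MH_MAGIC,    little-endian on disk
            uint32be(0) == 0xCFFAEDFE or   // MH_MAGIC_64, little-endian on disk
            uint32be(0) == 0xFEEDFACE or   // MH_MAGIC,    big-endian on disk
            uint32be(0) == 0xFEEDFACF or   // MH_MAGIC_64, big-endian on disk
            // Fat binary: FAT_MAGIC. Java class files share this magic, so also
            // require a plausible nfat_arch (a Java class has its major version
            // here, which is 45 or above and so fails the < 0x20 check).
            (uint32be(0) == 0xCAFEBABE and uint32be(4) < 0x20)
        )
        and 1 of ($osa*)
        and 1 of ($dl*)
}
```

The magic-number check is what keeps a rule like this cheap: YARA evaluates the header comparison before scanning for strings across the whole file, so it is worth placing it first in the condition. Expect benign hits from legitimate installers and updaters that also shell out to `curl`, and treat the rule as a triage signal rather than a conviction.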
Related projects:
- ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge). ☆84 · Updated last week
- macOS forensic timeline generator using the analysis result DBs of mac_apt ☆88 · Updated last year
- A zero-dependency and customizable Python library for scanning Windows and Linux process memory. ☆61 · Updated 7 months ago
- Repository that contains a set of purposefully erroneous YARA rules. ☆47 · Updated 8 months ago
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK… ☆159 · Updated last month
- Run Sigma detection rules on logs from the macOS Endpoint Security Framework ☆20 · Updated 3 years ago
- God Mode Detection Rules ☆130 · Updated last month
- C2 Active Scanner ☆45 · Updated 3 months ago
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition ☆62 · Updated 2 years ago
- A home for detection content developed by the delivr.to team ☆56 · Updated 2 weeks ago
- Elastic Security Labs releases ☆46 · Updated 3 weeks ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆108 · Updated 5 months ago
- 100 Days of YARA, to be updated with rules & ideas as the year progresses ☆57 · Updated last year
- Rules Shared by the Community from 100 Days of YARA 2023 ☆76 · Updated last year
- An LLM- and OCR-based Indicator of Compromise extraction tool ☆28 · Updated 5 months ago
- ShellSweeping the evil. ☆49 · Updated 3 months ago
- Lightweight Python-Based Malware Analysis Pipeline ☆29 · Updated this week
- A pySigma wrapper and LangChain toolkit for automatic rule creation/translation ☆65 · Updated last month
- Digital Forensics Artifacts Knowledge Base ☆71 · Updated 4 months ago
- acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. ☆86 · Updated last week
- Remote access and Antivirus Logging Database ☆39 · Updated 4 months ago
- YARA rule analyzer to improve rule quality and performance ☆93 · Updated 9 months ago
- Detection Engineering with YARA ☆84 · Updated 8 months ago
- A guide on how to write fast and memory-friendly YARA rules ☆123 · Updated last year
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… ☆91 · Updated 2 months ago
- A C# based tool for analysing malicious OneNote documents ☆108 · Updated last year
- Azure function to insert MISP data into Azure Sentinel ☆30 · Updated last year
- Mapping XProtect's obfuscated malware family names to common industry names. ☆82 · Updated 4 months ago