SentineLabs / macos-ttps-yaraLinks
A ruleset to find potentially malicious code in macOS malware samples
☆40Updated last year
Alternatives and similar repositories for macos-ttps-yara
Users that are interested in macos-ttps-yara are comparing it to the libraries listed below
Sorting:
- A zero dependency and customizable Python library for scanning Windows and Linux process memory.☆66Updated last year
- Repository that contains a set of purposefully erroneous Yara rules.☆51Updated last year
- Rules shared by the community from 100 Days of YARA 2025☆33Updated 5 months ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆94Updated last year
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆63Updated 2 years ago
- Freyja is a Golang, Purple Team agent that compiles into Windows, Linux and macOS x64 executables.☆42Updated 7 months ago
- Convert Sigma rules to SIEM queries, directly in your browser.☆89Updated last week
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆60Updated 2 years ago
- pocket guide for core detection engineering concepts☆28Updated 2 years ago
- Lightweight Python-Based Malware Analysis Pipeline☆34Updated last week
- ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).☆113Updated 9 months ago
- ShellSweeping the evil.☆53Updated last year
- A YARA & Malware Analysis Toolkit written in Rust.☆35Updated this week
- Rules Shared by the Community from 100 Days of YARA 2023☆77Updated 2 years ago
- Linux #rootkit and #malware revealer☆26Updated 10 months ago
- Contains compiled binaries of Volatility☆33Updated last month
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them☆33Updated last month
- machofile is a module to parse Mach-O binary files☆51Updated last year
- Tools and scripts to deploy and manage OpenRelik instances☆14Updated 2 weeks ago
- The core backend server handling API requests and task management☆42Updated last week
- Detection Engineering with YARA☆87Updated last year
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene…☆75Updated this week
- The Event Maturity Matrix (EMM) is a comprehensive framework that provides clarity regarding the capabilities and nuances of SaaS audit l…☆21Updated this week
- Azure Activity Log Axe is a continually developing tool that simplifies the transactional log format provided by Microsoft. The tool leve…☆28Updated 9 months ago
- This is a little plugin to copy disassembly in a way that is usable in YARA rules!☆45Updated 2 months ago
- A home for detection content developed by the delivr.to team☆69Updated 3 weeks ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆20Updated 4 years ago
- Track progress and keep notes while working through likethecoins' CTI Self Study Plan☆28Updated 2 years ago
- FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use.☆57Updated last month
- Baseline a Windows System against LOLBAS☆27Updated last year