akamai / luda
Malicious actors often reuse code to deploy their malware, phishing website or CNC server. As a result, similiaries can be found on URLs path by inspecting internet traffic. Moreover, deep learning models or even regular ML model do not fit for inline deployment in terms of running performance. However, regexes ( or YARA rules ) can be deployed …
☆74Updated last year
Related projects ⓘ
Alternatives and complementary repositories for luda
- Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups☆57Updated 2 years ago
- nse script to inject jndi payloads☆45Updated 2 years ago
- Cybersecurity Incidents Mind Maps☆32Updated 3 years ago
- ☆68Updated 3 years ago
- A simple command line program to help defender test their detections for network beacon patterns and domain fronting☆65Updated 2 years ago
- Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.☆65Updated 2 years ago
- Threat Mapping Catalogue☆17Updated 3 years ago
- Terraform resources for building HTTP, DNS, phishing, and mail server red team infrastructure☆93Updated 5 years ago
- Blue Pigeon is a Bluetooth-based data exfiltration and proxy tool to enable communication between a remote Command and Control (C2) serve…☆54Updated 3 years ago
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.☆76Updated 2 years ago
- Zuthaka is an open source application designed to assist red-teaming efforts, by simplifying the task of managing different APTs and othe…☆174Updated 2 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆72Updated 2 years ago
- Nessus Audit files☆30Updated last year
- Static Token And Credential Scanner☆95Updated last year
- ☆43Updated last year
- Joystick is a tool that gives you the ability to transform the ATT&CK Evaluations data into concise views that brings forward the nuances…☆64Updated last year
- A visualized overview of the Initial Access Broker (IAB) cybercrime landscape☆108Updated 3 years ago
- Active C2 IoCs☆96Updated last year
- ATT&CK Evaluations website (DEPRECATED)☆59Updated 3 years ago
- Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, an…☆141Updated last year
- ☆41Updated last year
- ☆41Updated 7 months ago
- Cont3xt intends to centralize and simplify a structured approach to gathering contextual intelligence in support of technical investigati…☆36Updated 8 months ago
- Extensive code infrastructure for finding unintended information leaks in files, git repositories and much more.☆28Updated 2 years ago
- Linux Incident Response☆89Updated 5 years ago
- Autoconfigured ELK Stack That Contains All EPSS and NVD CVE Data☆47Updated 4 months ago
- GoldenSAML Attack Libraries and Framework☆65Updated 5 months ago
- A CALDERA plugin for ATT&CK Evaluations Round 1☆33Updated last year
- A list of JARM hashes for different ssl implementations used by some C2/red team tools.☆135Updated last year