custom Python script to perform Yara matching in Cortex XDR
☆14May 18, 2021Updated 4 years ago
Alternatives and similar repositories for xdr_yara_rule_matching
Users that are interested in xdr_yara_rule_matching are comparing it to the libraries listed below
Sorting:
- A few XDR Scripts☆22Mar 19, 2025Updated 11 months ago
- ☆12Jun 6, 2025Updated 9 months ago
- CLI tool to compute the TypeRefHash for .NET binaries.☆19Nov 10, 2021Updated 4 years ago
- Cortex EDR Ransomware protection Bypass☆27Feb 8, 2025Updated last year
- Manage Your Large Team of Consultants☆11Sep 18, 2025Updated 5 months ago
- Repository for Cortex XDR and Cortex XSIAM XQL queries and more!☆41Jun 7, 2024Updated last year
- A python-based API client for Cortex XDR API.☆26Sep 22, 2025Updated 5 months ago
- A collection of my public YARA signatures for various malware families☆30Sep 20, 2024Updated last year
- Google Cloud Security Command Center to Azure Sentinel Connector☆19Jul 15, 2023Updated 2 years ago
- Configurations for DFIR ORC☆28Mar 28, 2024Updated last year
- Repository with selected IOCs and YARA rules for threat hunting.☆35May 21, 2025Updated 9 months ago
- Decrypt GlobalProtect configuration and cookie files.☆157Sep 10, 2024Updated last year
- Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273)☆41Nov 7, 2023Updated 2 years ago
- macOS Endpoint Security Message Analysis Tool☆47Jan 31, 2022Updated 4 years ago
- Sigma Queries turned into KQL for Defender using pysigma☆12Jun 20, 2024Updated last year
- ☆12Dec 14, 2016Updated 9 years ago
- A small crappy script I wrote that converts the Sigma Windows Process Creation events to KQL via PySigma. Designed for CI/CD☆10Nov 7, 2023Updated 2 years ago
- Minimal C port of UTF8-CPP☆12Jun 2, 2019Updated 6 years ago
- Powershell to read ETL file on an interval and convert it to an EVTX (so Windows Event Forwarding can 'subscribe')☆11May 16, 2017Updated 8 years ago
- Primarily aimed at replicating files that cannot be directly copied due to being in use.☆11Apr 22, 2024Updated last year
- ☆11Apr 25, 2021Updated 4 years ago
- A clone of FD (File & Directory tool) by T.Shirai☆16Jan 29, 2014Updated 12 years ago
- Here are some tools I developed to help analyze malware☆11Nov 8, 2023Updated 2 years ago
- A password list optimized for use on Android devices.☆11Jul 2, 2022Updated 3 years ago
- ☆12Feb 24, 2023Updated 3 years ago
- Backport of SliverStager to work with DotNetToJScript for vba☆17Aug 9, 2024Updated last year
- My attempts at making life with VMware that little bit easier.☆11Aug 7, 2023Updated 2 years ago
- Library and tools to access the GUID Partition Table (GPT) volume system format☆11Dec 20, 2025Updated 2 months ago
- An open-source computer forensics tool that can display summary as the result of Windows Event Log analysis based on the chosen function(…☆11Feb 2, 2023Updated 3 years ago
- The method and files used to generate Sysmon event logs, push them to a remote Splunk, and ingest/normalize the data for analysis.☆10Sep 28, 2020Updated 5 years ago
- resources, links for OCR & greek☆10Mar 8, 2021Updated 5 years ago
- Implementation of Max Kellermann's exploit for CVE-2022-0847☆12Mar 8, 2022Updated 4 years ago
- Imphash-like calculation on Golang binaries☆49Jul 2, 2022Updated 3 years ago
- ☆12Aug 18, 2020Updated 5 years ago
- Simple python project using the COM (DDE) API under win32 to convert nsf documents databases to other formats, mainly targetting mbox & i…☆10Apr 15, 2017Updated 8 years ago
- An updated C# port of X-Ways X-Tensions API.☆11Mar 12, 2018Updated 7 years ago
- Tools and dumps related to the Smishing Triad and the USPS smishing campaign from late 2023 into 2024☆11Apr 28, 2024Updated last year
- VB Exe Parser is an IDA script written in Python. This script will help you to parse VB program internal structures. It can find: Event, …☆17Oct 8, 2016Updated 9 years ago
- Writeups of some of PicoCTF 2017 challenges.☆10Aug 3, 2018Updated 7 years ago