cisagov / parsnip
☆71Updated 3 months ago
Alternatives and similar repositories for parsnip
Users that are interested in parsnip are comparing it to the libraries listed below
Sorting:
- ☆25Updated 2 years ago
- Assortment of scripts and tools for our Blackhat EU 2024 talk☆92Updated 3 months ago
- Mapping of open-source detection rules and atomic tests.☆163Updated 3 months ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates…☆64Updated last month
- When good OAuth apps go rogue. Documents observed OAuth application tradecraft☆75Updated last month
- ☆74Updated last month
- Repository that contains a set of purposefully erroneous Yara rules.☆51Updated last year
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi…☆103Updated 7 months ago
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.☆113Updated this week
- A repository for tracking events related to the MOVEit Transfer Cl0p Campaign☆71Updated last year
- 🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.☆73Updated 3 weeks ago
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated last year
- A preconfigured Velociraptor triage collector☆51Updated this week
- The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆23Updated 2 weeks ago
- create a "simulated internet" cyber range environment☆16Updated 2 weeks ago
- Slides of my public talks☆55Updated last year
- Rules shared by the community from 100 Days of YARA 2025☆32Updated 3 months ago
- Baseline a Windows System against LOLBAS☆27Updated last year
- This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam☆27Updated 10 months ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und…☆123Updated last year
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them☆33Updated 2 weeks ago
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients.☆25Updated last week
- Living off the False Positive!☆35Updated 3 months ago
- DShield Sensor Log Collection with ELK☆27Updated last week
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.☆42Updated 3 weeks ago
- ☆68Updated 5 months ago
- Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools…☆93Updated 2 weeks ago
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.☆51Updated 6 months ago
- Finding ClickFix and FakeCAPTCHA like it's 1999☆36Updated this week
- AutoPwnKey is a red teaming framework and testing tool using AutoHotKey (AHK), which at the time of creation proves to be quite evasive. …☆37Updated last month