A home for detection content developed by the delivr.to team
☆72Aug 10, 2025Updated 7 months ago
Alternatives and similar repositories for detections
Users that are interested in detections are comparing it to the libraries listed below
Sorting:
- ☆10Jan 22, 2025Updated last year
- A collection of YARA rules for public use. Built from information in intelligence profiles, dossiers and file work.☆18Sep 10, 2023Updated 2 years ago
- Sublime rules for email attack detection, prevention, and threat hunting.☆350Mar 13, 2026Updated last week
- A command-line tool and module for the free Sublime Analysis API☆16Jun 18, 2024Updated last year
- Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).☆155Jan 21, 2023Updated 3 years ago
- A C# implementation of dumping credentials from Windows Credential Manager☆62Sep 23, 2023Updated 2 years ago
- ☆26Nov 25, 2025Updated 3 months ago
- ☆17Sep 14, 2017Updated 8 years ago
- ☆120May 26, 2025Updated 9 months ago
- Collection of rules created using YARA-Signator over Malpedia☆141Jan 6, 2026Updated 2 months ago
- Sigma detection rules for hunting with the threathunting-keywords project☆58Mar 2, 2025Updated last year
- Yara Rules for Modern Malware☆78Mar 3, 2024Updated 2 years ago
- Extension functionality for the NightHawk operator client☆26Nov 3, 2023Updated 2 years ago
- Here are some tools I developed to help analyze malware☆11Nov 8, 2023Updated 2 years ago
- A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.☆28Dec 16, 2021Updated 4 years ago
- Splunk Technology-AddOn for Aurora Sigma-Based EDR Agent. It helps parse and configure the necessary inputs to neatly consume Aurora EDR …☆13Sep 27, 2022Updated 3 years ago
- A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing. Gain visibility and contr…☆250Mar 10, 2026Updated last week
- ☆36May 27, 2024Updated last year
- This package allows for creating alerts in The Hive from emails retrieved from a Microsoft Exchange mailbox.☆12Jul 13, 2017Updated 8 years ago
- A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.☆15Apr 4, 2023Updated 2 years ago
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.☆15Feb 29, 2024Updated 2 years ago
- Enumerate and check domains for Azure tenants☆57Feb 1, 2022Updated 4 years ago
- SIEGMA - Transform Sigma rules into SIEM consumables☆159Mar 10, 2025Updated last year
- Extract messages from a local Microsoft Teams installation☆16Jan 14, 2023Updated 3 years ago
- Threadless Injection Payload Toolkit☆12Oct 12, 2023Updated 2 years ago
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- ☆128Jun 28, 2023Updated 2 years ago
- ☆48Feb 11, 2023Updated 3 years ago
- ☆15May 3, 2024Updated last year
- Proof-of-Concept to evade auditd by tampering via ptrace☆19Aug 3, 2023Updated 2 years ago
- ☆33Jan 23, 2025Updated last year
- Dynamically resolve API function addresses at runtime in a secure manner.☆73Nov 11, 2025Updated 4 months ago
- HTML Smuggling with Web Assembly☆66Feb 20, 2024Updated 2 years ago
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆34Sep 15, 2022Updated 3 years ago
- Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.☆22Oct 6, 2021Updated 4 years ago
- ☆23Jul 7, 2023Updated 2 years ago
- Purpleteam scripts simulation & Detection - trigger events for SOC detections☆195Dec 20, 2024Updated last year
- BOF for C2 framework☆44Nov 9, 2024Updated last year