ditekshen / detection
Detection in the form of Yara, Snort and ClamAV signatures.
☆201Updated last week
Related projects: ⓘ
- Collection of private Yara rules.☆317Updated last month
- Collection of rules created using YARA-Signator over Malpedia☆110Updated 9 months ago
- ☆130Updated 7 months ago
- ☆185Updated last year
- A guide on how to write fast and memory friendly YARA rules☆123Updated last year
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆485Updated this week
- Automatic YARA rule generation for Malpedia☆152Updated 2 years ago
- Signatures and IoCs from public Volexity blog posts.☆307Updated last month
- Community modules for CAPE Sandbox☆84Updated last week
- ☆61Updated 3 weeks ago
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆360Updated 2 years ago
- Elastic Security Labs releases☆46Updated 3 weeks ago
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆139Updated 2 months ago
- File analysis and management framework.☆66Updated last year
- Lnk Explorer Command line edition!!☆261Updated 3 months ago
- ☆214Updated 4 months ago
- Repository of YARA rules made by Trellix ATR Team☆560Updated 8 months ago
- A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ...☆136Updated 10 months ago
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.☆129Updated this week
- Live forensic artifacts collector☆157Updated 2 months ago
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆519Updated this week
- Automated YARA Rule Standardization and Quality Assurance Tool☆154Updated this week
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.☆238Updated last year
- Encyclopedia for Executables☆409Updated 2 years ago
- Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactic and techniques☆300Updated 3 months ago
- ☆75Updated 3 weeks ago
- ☆121Updated 2 years ago
- Sigma rules from Joe Security☆199Updated last month
- Anything Sysmon related from the MSTIC R&D team☆143Updated 3 months ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆107Updated 2 weeks ago