fboldewin / YARA_Detection_Engineering
Detection Engineering with YARA
☆84Updated 8 months ago
Related projects: ⓘ
- A specification and style guide for YARA rules☆34Updated 7 months ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und…☆108Updated 5 months ago
- CarbonBlack EDR detection rules and response actions☆70Updated last week
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆94Updated last year
- C2 Active Scanner☆45Updated 3 months ago
- Harness the power of Splunk for your investigations☆66Updated last month
- BlackBerry Threat Research & Intelligence☆90Updated 10 months ago
- The Threat Actor Profile Guide for CTI Analysts☆89Updated last year
- Forensics scripts aimed at automating & enhancing the Forensics Legend Eric Zimmerman's techniques, integrating the statistical detection…☆16Updated last year
- The Linux DFIR Collector is a stand-alone collection tool for Gnu / Linux. Dump artifacts in json format with very few impacts on the hos…☆29Updated 2 years ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆74Updated 3 weeks ago
- YARA rule analyzer to improve rule quality and performance☆93Updated 9 months ago
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub☆62Updated last year
- SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w…☆49Updated 3 months ago
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements☆113Updated 9 months ago
- A repository to share publicly available Velociraptor detection content☆115Updated this week
- User Feedback Space of #MitreAssistant☆37Updated last year
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation☆65Updated last month
- Rules Shared by the Community from 100 Days of YARA 2023☆76Updated last year
- Active C&C Detector☆148Updated 11 months ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆67Updated last year
- ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte…☆69Updated this week
- Sigma detection rules for hunting with the threathunting-keywords project☆47Updated 2 weeks ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on☆81Updated 4 months ago
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆84Updated last year
- This repo is where I store my Threat Hunting ideas/content☆85Updated last year
- Sigma rules to share with the community☆113Updated last month
- ☆84Updated 7 months ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆57Updated last year
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆47Updated last year