infosecB / LOOBins
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.
☆461 Updated 5 months ago
Alternatives and similar repositories for LOOBins
Users that are interested in LOOBins are comparing it to the libraries listed below
- a tool to help operate in EDRs' blind spots ☆730 Updated 5 months ago
- Repository of attack and defensive information for Business Email Compromise investigations ☆251 Updated this week
- LotL RMM ☆178 Updated last month
- IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&… ☆361 Updated 2 years ago
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆566 Updated 2 weeks ago
- Purple Team Exercise Framework ☆700 Updated last year
- Ransomware simulator written in Golang ☆436 Updated 2 years ago
- Rules generated from our investigations. ☆194 Updated last month
- A python script developed to process Windows memory images based on triage type. ☆262 Updated last year
- Collection of Event ID resources useful for Digital Forensics and Incident Response ☆615 Updated 10 months ago
- CLI tools for forensic investigation of Windows artifacts ☆327 Updated 6 months ago
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… ☆123 Updated 3 months ago
- Retired TrustedSec Capabilities ☆245 Updated 5 months ago
- Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation. ☆463 Updated 10 months ago
- MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD). ☆396 Updated 7 months ago
- Jupyter Notebooks for the Blue Team ☆144 Updated last month
- An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed. ☆189 Updated 10 months ago
- The Github project for The Defender's Guide by Luke Paine and Jonathan Johnson ☆152 Updated last year
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA. ☆247 Updated 2 years ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… ☆250 Updated last year
- Aftermath is a free macOS IR framework ☆508 Updated 5 months ago
- BadZure orchestrates the setup of Azure AD tenants, populating them with diverse entities while also introducing common security misconfi… ☆455 Updated last month
- ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge). ☆108 Updated 7 months ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm. ☆202 Updated 2 years ago
- Automated YARA Rule Standardization and Quality Assurance Tool ☆216 Updated last week
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques ☆357 Updated 3 months ago
- This is a collection of threat detection rules / rules engines that I have come across. ☆287 Updated last year
- Offensive security and Penetration Testing TTP for Cloud based environment (AWS / Azure / GCP) ☆330 Updated 2 months ago
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca… ☆292 Updated 2 months ago
- WTF are these binaries doing?! A list of benign applications that mimic malicious behavior. ☆165 Updated last month