infosecB / LOOBins
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.
☆420Updated 2 weeks ago
Related projects: ⓘ
- a tool to help operate in EDRs' blind spots☆639Updated 5 months ago
- Signatures and IoCs from public Volexity blog posts.☆307Updated last month
- Rules generated from our investigations.☆186Updated last month
- A python script developed to process Windows memory images based on triage type.☆259Updated 9 months ago
- Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.☆444Updated 2 months ago
- Purple Team Exercise Framework☆584Updated 8 months ago
- Awesome list of keywords and artifacts for Threat Hunting sessions☆436Updated 2 weeks ago
- MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).☆350Updated last week
- Ransomware simulator written in Golang☆401Updated 2 years ago
- Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc.☆475Updated last year
- ☆633Updated this week
- IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&…☆347Updated last year
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.☆238Updated last year
- A centralized and enhanced memory analysis platform☆355Updated 2 weeks ago
- Infrastructure Automation☆311Updated 5 months ago
- Okta Verify and Okta FastPass Abuse Tool☆279Updated 2 weeks ago
- Repository of attack and defensive information for Business Email Compromise investigations☆216Updated 3 weeks ago
- WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.☆149Updated 6 months ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆578Updated 3 months ago
- BloodHound Attack Research Kit☆470Updated 3 weeks ago
- An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed.☆152Updated 2 months ago
- Retired TrustedSec Capabilities☆218Updated last week
- ☆359Updated this week
- Jupyter Notebooks for the Blue Team☆139Updated last year
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆192Updated 2 years ago
- ☆503Updated last month
- This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.☆121Updated last year
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆485Updated this week
- Aftermath is a free macOS IR framework☆467Updated 3 months ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆266Updated 3 weeks ago