An extensible, deterministic static‑analysis engine that extracts high‑signal IOCs from PE binaries and text, built for SOC automation and modern threat‑analysis pipelines.
☆26Jul 1, 2026Updated last week
Alternatives and similar repositories for iocx
Users that are interested in iocx are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Windows EVTX log analysis for DFIR — fast parsing, ATT&CK mapping, IOC extraction, and Sentinel anomaly detection. Normal + Juggernaut Mo…☆52Jul 5, 2026Updated last week
- AI-powered malware traffic analysis and network forensics via the Model Context Protocol☆18May 27, 2026Updated last month
- Repository created to share information about tactics, techniques and procedures used by threat actors. Initially with ransomware groups …☆48Updated this week
- Linux Persistence Detection, Hunting and Artifact Collection script☆24May 21, 2026Updated last month
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A lightweight Windows Prefetch file parser to extract programs' execution history☆70Jan 12, 2026Updated 6 months ago
- Open source HIDS tailored for Microsoft Windows and Active Directory☆31Feb 13, 2026Updated 5 months ago
- Forensic tool for extracting and analyzing Google DriveFS cached files and metadata.☆22May 9, 2025Updated last year
- Everything related to YARA☆16Apr 18, 2026Updated 2 months ago
- Windows Error Reporting ALPC Elevation of Privilege (CVE-2026-20817) - Proof-of-Concept exploit demonstrating local privilege escalation …☆125Feb 19, 2026Updated 4 months ago
- Tool that gathers a customizable set of ETW telemetry and generates user-defined detections☆54Jan 28, 2026Updated 5 months ago
- This C# tool sprays for admin access over the entire domain☆89Dec 7, 2025Updated 7 months ago
- AppLocker Policy Generator☆26Aug 25, 2025Updated 10 months ago
- A Dissect module implementing a parser for Microsofts Extensible Storage Engine Database (ESEDB), used for example in Active Directory, E…☆25Nov 20, 2025Updated 7 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Cyber threat intelligence tool suite.☆41Apr 3, 2025Updated last year
- Rogue Binary Model Context Protocol (MCP): a Docker-packaged binary analysis lab for AI agents. It supports reverse engineering, malware …☆23May 17, 2026Updated last month
- Autonomous, read-only endpoint investigation via MCP. Ask a question about your fleet, get a narrative answer with containment recommenda…☆22Jul 6, 2026Updated last week
- ☆14Apr 24, 2026Updated 2 months ago
- Examine Chrome extensions for security issues☆98Nov 16, 2025Updated 7 months ago
- Run TTPs, with AI!☆140Feb 23, 2026Updated 4 months ago
- DriverSentinel is a security tool developed in Go that detects malicious and vulnerable drivers on Windows systems by comparing them agai…☆36May 2, 2026Updated 2 months ago
- Shellcode IDE☆15May 29, 2026Updated last month
- Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.☆84Jun 15, 2026Updated 3 weeks ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- yara detection rules for hunting with the threathunting-keywords project☆165May 11, 2025Updated last year
- Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR…☆108Updated this week
- Technical webinars on reverse engineering, malware analysis, and software protection.☆73Jul 2, 2026Updated last week
- The SecurityTube Linux Assembly Expert (SLAE) is an online course and certification which focuses on teaching the basics of 32-bit assemb…☆22Mar 31, 2019Updated 7 years ago
- Aether is a Windows memory-forensics and threat hunting tool that scans live process memory for malicious pattern, detect injection techn…☆52Jul 5, 2026Updated last week
- This is a collection of Worms for educational purposes☆36Jul 17, 2025Updated 11 months ago
- Collection of my own detection rules☆20Jan 6, 2026Updated 6 months ago
- A tool for patching/injecting code into elf binaries.☆15Sep 27, 2012Updated 13 years ago
- Config files for my GitHub profile.☆14May 7, 2023Updated 3 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Adversary Simulation Framework☆41Aug 19, 2025Updated 10 months ago
- MCP server for automated binary diffing.☆17Updated this week
- The Router Exploitation Framework☆12Nov 10, 2017Updated 8 years ago
- router firmwares, reverse engineering code snippets, mitm tools☆14Mar 20, 2020Updated 6 years ago
- Links to malware-related YARA rules☆15Sep 29, 2022Updated 3 years ago
- FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use.☆82Jan 6, 2026Updated 6 months ago
- goLoL is a Windows host scanner with dual support for LOLBAS binaries and LOLDrivers. It lists LOLBAS techniques runnable at your current…☆66Jun 28, 2026Updated 2 weeks ago