jorritfolmer / EDRevals
Splunk app to compare Endpoint Detection and Response solutions based on MITRE ATT&CK evaluations (APT3, APT29, Carbanak + FIN7, Wizard Spider + Sandworm)
☆18, updated 2 years ago
Alternatives and similar repositories for EDRevals:
Users that are interested in EDRevals are comparing it to the libraries listed below
- Windows GUI/Execution Engine for Atomic Red Team Atomics (☆34, updated 4 years ago)
- Hunt for Keywords, Mutex, Windows Event, Registry Keys, Process, Schedule tasks in Windows Machine (☆22, updated 3 months ago)
- Tweettioc Splunk App (☆20, updated 4 years ago)
- ATT&CK Evaluations website (DEPRECATED) (☆59, updated 3 years ago)
- Notebooks created to attack and secure Active Directory environments (☆27, updated 5 years ago)
- A CALDERA plugin for ATT&CK Evaluations Round 1 (☆33, updated last year)
- A tool to assess data quality, built on top of the awesome OSSEM. (☆76, updated 2 years ago)
- Carbon Black Response IR tool (☆53, updated 4 years ago)
- Splunk scripted input for opening a backconnect shell on a remote forwarder (☆45, updated 4 years ago)
- Queries for Carbon Black Response (☆11, updated 5 years ago)
- PowerShell script for hunting webshells on Microsoft Exchange Servers. (☆55, updated 8 years ago)
- The new name is DeTT&CT (☆24, updated 5 years ago)
- BloodHound Cypher Queries Ported to a Jupyter Notebook (☆53, updated 4 years ago)
- (no description) (☆53, updated 6 years ago)
- BloodHound Data Scanner (☆44, updated 4 years ago)
- (no description) (☆55, updated 4 years ago)
- Active C2 IoCs (☆97, updated 2 years ago)
- Automatic detection engineering technical state compliance (☆54, updated 8 months ago)
- This is a repository that is meant to hold detections for various process injection techniques. (☆34, updated 5 years ago)
- Old home of LimaCharlie, open source EDR (☆30, updated last year)
- Splunk Dashboard for CobaltStrike logs (☆86, updated 3 years ago)
- PoC that manipulates Windows file times using SetFileTime() API (☆58, updated 5 years ago)
- Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation (☆16, updated 6 years ago)
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine. (☆76, updated 3 years ago)
- Repository for my ATT&CK analysis research. (☆68, updated 5 years ago)
- (no description) (☆26, updated 3 years ago)
- A repository of Sysmon For Linux configuration modules (☆15, updated 3 years ago)
- Threat Mapping Catalogue (☆17, updated 3 years ago)
- Links to malware-related YARA rules (☆14, updated 2 years ago)
- Building ActiveDirectory Lab for practicing various attack vectors used during Red Team engagement. (☆36, updated 5 years ago)