mandiant/sunburst_countermeasures external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

mandiant/sunburst_countermeasures

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mandiant/sunburst_countermeasures)

Close

mandiant / sunburst_countermeasuresView on GitHubMore

• External links
• Readme badge

☆561Jun 1, 2023Updated 2 years ago

Alternatives and similar repositories for sunburst_countermeasures

Users that are interested in sunburst_countermeasures are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• mandiant / red_team_tool_countermeasures

  View on GitHub
  ☆2,670Mar 5, 2024Updated 2 years ago
• bambenek / research

  View on GitHub
  ☆100Dec 21, 2020Updated 5 years ago
• RedDrip7 / SunBurst_DGA_Decode

  View on GitHub
  SunBurst DGA Decode Script
  ☆206Jan 10, 2021Updated 5 years ago
• 2igosha / sunburst_dga

  View on GitHub
  ☆22Dec 22, 2020Updated 5 years ago
• eanmeyer / SolarwindsVulnerablityInfo

  View on GitHub
  Repository with all the Solarwinds Vulnerability information I've been tracking and using for communications, review, and technical under…
  ☆25Dec 19, 2020Updated 5 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• mandiant / ThreatPursuit-VM

  View on GitHub
  Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysi…
  ☆1,305Jun 1, 2023Updated 2 years ago
• mubix / solarflare

  View on GitHub
  SolarWinds Orion Account Audit / Password Dumping Utility
  ☆354Oct 9, 2023Updated 2 years ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,560Jan 24, 2023Updated 3 years ago
• rkovar / sunburstlookups

  View on GitHub
  Quick lookup files for SUNBURST Backdoor
  ☆12Dec 15, 2020Updated 5 years ago
• sophos / SOREL-20M

  View on GitHub
  Sophos-ReversingLabs 20 million sample dataset
  ☆704Apr 7, 2021Updated 5 years ago
• chaoticmachinery / frac_rift

  View on GitHub
  FRAC and RIFT
  ☆17Mar 16, 2019Updated 7 years ago
• activecm / rita-legacy

  View on GitHub
  Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…
  ☆2,508Jan 12, 2026Updated 4 months ago
• SigmaHQ / sigma

  View on GitHub
  Main Sigma Rule Repository
  ☆10,451Updated this week
• cisagov / Sparrow

  View on GitHub
  Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 en…
  ☆1,429Dec 27, 2022Updated 3 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• mandiant / pulsesecure_exploitation_countermeasures

  View on GitHub
  ☆23Jun 1, 2023Updated 2 years ago
• reversinglabs / reversinglabs-yara-rules

  View on GitHub
  ReversingLabs YARA Rules
  ☆913Nov 3, 2025Updated 6 months ago
• Neo23x0 / signature-base

  View on GitHub
  YARA signature and IOC database for my scanners and tools
  ☆2,955May 8, 2026Updated last week
• Shadow0ps / solorigate_sample_source

  View on GitHub
  Decompile of the Solorwinds "SUNBURST" Trojan associated with Campaign UNC2452 This is the SolarWinds.Orion.Core.BusinessLayer.dll file f…
  ☆44Dec 14, 2020Updated 5 years ago
• clong / DetectionLab

  View on GitHub
  Automate the creation of a lab environment complete with security tooling and logging best practices
  ☆4,962Jul 6, 2024Updated last year
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,753Mar 20, 2024Updated 2 years ago
• davehull / Kansa

  View on GitHub
  A Powershell incident response framework
  ☆1,653Nov 22, 2022Updated 3 years ago
• sans-blue-team / DeepBlueCLI

  View on GitHub
  ☆2,405Oct 14, 2023Updated 2 years ago
• advanced-threat-research / Yara-Rules

  View on GitHub
  Repository of YARA rules made by Trellix ATR Team
  ☆627Mar 18, 2025Updated last year
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• trustedsec / SysmonCommunityGuide

  View on GitHub
  TrustedSec Sysinternals Sysmon Community Guide
  ☆1,413Feb 10, 2026Updated 3 months ago
• palantir / windows-event-forwarding

  View on GitHub
  A repository for using windows event forwarding for incident detection and response
  ☆1,323Sep 8, 2025Updated 8 months ago
• JPCERTCC / LogonTracer

  View on GitHub
  Investigate malicious Windows logon by visualizing and analyzing Windows event log
  ☆3,176Apr 22, 2026Updated 3 weeks ago
• ITAYC0HEN / SUNBURST-Cracked

  View on GitHub
  The following repository contains a modified version of SUNBURST with cracekd hashes, comments and annotations.
  ☆56Dec 23, 2020Updated 5 years ago
• DissectMalware / XLMMacroDeobfuscator

  View on GitHub
  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
  ☆586May 5, 2024Updated 2 years ago
• splunk / attack_range

  View on GitHub
  A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int…
  ☆2,489May 9, 2026Updated last week
• sophos / solarwinds-threathunt

  View on GitHub
  Threathunt details for the Solarwinds compromise
  ☆33Jun 26, 2021Updated 4 years ago
• mattnotmax / cyberchef-recipes

  View on GitHub
  A list of cyber-chef recipes and curated links
  ☆2,201Jun 14, 2024Updated last year
• Te-k / cobaltstrike

  View on GitHub
  Code and yara rules to detect and analyze Cobalt Strike
  ☆273May 5, 2021Updated 5 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• CD-R0M / YARA

  View on GitHub
  Hundred Days of Yara Challenge
  ☆12Jun 21, 2022Updated 3 years ago
• orlikoski / CDQR

  View on GitHub
  The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…
  ☆344Jun 25, 2022Updated 3 years ago
• MichaelKoczwara / Awesome-CobaltStrike-Defence

  View on GitHub
  Defences against Cobalt Strike
  ☆1,302Jul 14, 2022Updated 3 years ago
• Neo23x0 / Loki

  View on GitHub
  Loki - Simple IOC and YARA Scanner
  ☆3,753Jan 12, 2026Updated 4 months ago
• vadim-hunter / Detection-Ideas-Rules

  View on GitHub
  Detection Ideas & Rules repository.
  ☆178Sep 10, 2021Updated 4 years ago
• SwiftOnSecurity / sysmon-config

  View on GitHub
  Sysmon configuration file template with default high-quality event tracing
  ☆5,518Jul 3, 2024Updated last year
• mandiant / commando-vm

  View on GitHub
  Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand…
  ☆7,640Oct 16, 2025Updated 7 months ago