mttaggart / wtfbins
WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
☆166 · Updated 2 months ago
Alternatives and similar repositories for wtfbins
Users that are interested in wtfbins are comparing it to the libraries listed below
- The GitHub project for The Defender's Guide by Luke Paine and Jonathan Johnson ☆154 · Updated 2 years ago
- ☆201 · Updated 7 months ago
- Repository of attack and defensive information for Business Email Compromise investigations ☆256 · Updated last month
- A repository to share publicly available Velociraptor detection content ☆173 · Updated this week
- Sigma rules to share with the community ☆122 · Updated 4 months ago
- Full of public notes and utilities ☆117 · Updated 4 months ago
- Active C&C Detector ☆154 · Updated last year
- A Python script developed to process Windows memory images based on triage type. ☆262 · Updated last year
- Windows Malware Investigation Scripts & Docs ☆83 · Updated 7 months ago
- Jupyter Notebooks for the Blue Team ☆144 · Updated 3 months ago
- Search Index Database Reporter ☆111 · Updated 7 months ago
- Project based on RegRipper, to extract additional value/pivot points from a TLN events file ☆85 · Updated 4 months ago
- ☆99 · Updated 3 months ago
- Rules generated from our investigations. ☆195 · Updated last week
- ☆121 · Updated last year
- PowerShell module for VMware vSphere forensics ☆152 · Updated 7 months ago
- ☆250 · Updated last year
- A collection of PowerShell scripts that will help automate the build process for a Marvel domain. ☆147 · Updated last year
- A Jupyter notebook to assist with the analysis of the output generated from the Volatility memory extraction framework. ☆95 · Updated 2 years ago
- This repo is where I store my Threat Hunting ideas/content ☆88 · Updated 2 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm. ☆203 · Updated 2 years ago
- LotL RMM ☆208 · Updated this week
- A really good DFIR automation for collecting and analyzing evidence, designed for cybersecurity professionals. ☆155 · Updated 2 months ago
- Pushes Sysmon Configs ☆88 · Updated 4 years ago
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… ☆123 · Updated 4 months ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR ☆240 · Updated 2 months ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… ☆252 · Updated last year
- MITRE ATT&CK mapped queries for SentinelOne Deep Visibility ☆89 · Updated 4 years ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. ☆109 · Updated last year
- A Python package used to execute Atomic Red Team tests (Atomics) across multiple operating system environments. ☆138 · Updated 11 months ago