Incremental Machine Learning by example - Detecting suspicious activity in real time with Zeek data streams, River and JA3 hashes
☆16, Aug 10, 2022, updated 3 years ago
Alternatives and similar repositories for JA3_outlier
Users that are interested in JA3_outlier are comparing it to the libraries listed below
- Threat Detection Rules (Snort/Sigma/Yara) (☆14, Jan 23, 2024, updated 2 years ago)
- Steve McCanne's Sharkfest '21 Talk (☆16, Oct 12, 2021, updated 4 years ago)
- (☆18, Jun 8, 2018, updated 7 years ago)
- Python bindings for https://github.com/omerbenamram/mft (☆23, Dec 23, 2025, updated 2 months ago)
- (☆16, Mar 16, 2021, updated 4 years ago)
- This repository hosts community contributed Kestrel analytics (☆18, May 28, 2024, updated last year)
- (kinda) Malicious Outlook Reader (☆19, Mar 2, 2021, updated 5 years ago)
- Threat Box Assessment Tool (☆19, Aug 15, 2021, updated 4 years ago)
- Presentation materials for talks I've given. (☆20, Oct 14, 2019, updated 6 years ago)
- A generic security incident response playbook investigating and responding to potential compromises of Okta's internal systems, in the co… (☆20, Mar 24, 2022, updated 3 years ago)
- A few quick recipes for those that do not have much time during the day (☆22, Oct 28, 2024, updated last year)
- PyCommand Scripts for Immunity Debugger (☆37, Jun 21, 2014, updated 11 years ago)
- Standardized Malware Analysis Tool (☆56, Mar 9, 2021, updated 4 years ago)
- CSIRT Jump Bag (☆27, Apr 25, 2024, updated last year)
- A triage data collection script for macOS (☆29, Nov 27, 2020, updated 5 years ago)
- ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings. (☆36, Jun 1, 2023, updated 2 years ago)
- This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb) (☆37, Jan 2, 2024, updated 2 years ago)
- (☆33, Feb 26, 2022, updated 4 years ago)
- Scripts to integrate DFIR-IRIS, MISP and TimeSketch (☆35, Feb 2, 2022, updated 4 years ago)
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. (☆37, Jul 11, 2023, updated 2 years ago)
- Windows Security Logging (☆43, Jul 17, 2022, updated 3 years ago)
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm. (☆208, Jul 21, 2022, updated 3 years ago)
- Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE (☆33, May 25, 2024, updated last year)
- Various capabilities for static malware analysis. (☆80, Sep 4, 2024, updated last year)
- A parser for Unified logging tracev3 files (☆97, Jul 25, 2025, updated 7 months ago)
- Sample SecOps scripts and Utilities (☆12, Jun 19, 2024, updated last year)
- Bun starter (☆12, Feb 10, 2026, updated 3 weeks ago)
- Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt (☆40, Jun 20, 2023, updated 2 years ago)
- Latest version of GoFFish Distributed Graph Processing Platforms (☆12, Apr 30, 2018, updated 7 years ago)
- Asset inventory of over 800 public bug bounty programs. (☆12, Jun 12, 2023, updated 2 years ago)
- Powered by AI, BlinkID C SDK enables scanning, data extraction and OCR of various identity documents and passports. (☆10, May 5, 2022, updated 3 years ago)
- PHP Application To Spoof And Send E-mail. (☆10, Jan 4, 2016, updated 10 years ago)
- Enjoy Soundcloud without the need for a Pro account. (☆18, Jan 16, 2019, updated 7 years ago)
- Library of threat hunts to get any user started! (☆50, Sep 4, 2020, updated 5 years ago)
- CTI-URLScan is a command line tool to enable analysts to search URLscan.io submissions. Pull screenshot and DOM content. As well as, auto… (☆10, Mar 2, 2021, updated 5 years ago)
- Yara rules I've written (☆10, Dec 9, 2015, updated 10 years ago)
- Using AppleScript or JavaScript Hazel rules can use (☆11, Nov 2, 2018, updated 7 years ago)
- Interactsh deployment to AWS EC2 Instance with Terraform (☆11, Dec 29, 2021, updated 4 years ago)
- (☆11, Jun 15, 2022, updated 3 years ago)