nccgroup / JA3_outlier
Incremental Machine Leaning by example - Detecting suspicious activity in real time with Zeek data streams, River and JA3 hashes
☆15Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for JA3_outlier
- Log aggregation, analysis, alerting and correlation for Windows, Syslog and text based logs.☆24Updated 8 years ago
- Collection of IoCs available and related to attacks on ESXi infrastructures that occurred as of Friday February 3, 2023.☆12Updated last year
- IOCPARSER.COM is a Fast and Reliable service that enables you to extract IOCs and intelligence from different data sources.☆34Updated 2 years ago
- Winterfell hunt is a python script to perform auto threat hunting for malicious activities in windows OS based on collected data by winte…☆14Updated 4 years ago
- ☆24Updated 2 years ago
- A few quick recipes for those that do not have much time during the day☆21Updated 3 weeks ago
- Presentation materials for talks I've given.☆20Updated 5 years ago
- ☆19Updated 4 years ago
- Bluehat 2018 Graphs for Security Workshop☆42Updated 6 years ago
- A dataset of phishing kits in the wild☆15Updated 5 months ago
- Splunk Technology-AddOn for Aurora Sigma-Based EDR Agent. It helps parse and configure the necessary inputs to neatly consume Aurora EDR …☆13Updated 2 years ago
- Speaking materials from conferences I've given☆9Updated 2 years ago
- Generic Signature Format for SIEM Systems☆14Updated 3 years ago
- Searches for Insider Threat Hunting☆30Updated 5 years ago
- Threat hunting with EQL and Bro. This repo contains modifications to EQL and EQLLib to use BRO logs.☆8Updated 5 years ago
- Can you pay the ransom in your country?☆14Updated 11 months ago
- A list of IOCs applicable to PoshC2☆24Updated 4 years ago
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 3 years ago
- Generate bulk YARA rules from YAML input☆22Updated 4 years ago
- Automatic detection engineering technical state compliance☆51Updated 4 months ago
- The FastIR Server is a Web server to schedule FastIR Collector forensics collect thanks to the FastIR Agent☆12Updated 7 years ago
- Cont3xt intends to centralize and simplify a structured approach to gathering contextual intelligence in support of technical investigati…☆36Updated 8 months ago
- Links to malware-related YARA rules☆14Updated 2 years ago
- Yara rules☆20Updated last year
- Modular malware analysis artifact collection and correlation framework☆53Updated 7 months ago
- Threat Mitigation Strategies☆25Updated last year
- Conceptual Methods for Finding Commonalities in Macho Files☆12Updated 8 months ago
- ☆22Updated 3 years ago
- TIBER-Cases is a project created to give cases of The Hive platform for Threat Intelligence Analysts mainly. All the cases are mapped to …☆26Updated 2 years ago