nccgroup / KilledProcessCanary
A canary designed to minimize the impact from certain Ransomware actors
☆98Updated 4 years ago
Alternatives and similar repositories for KilledProcessCanary
Users interested in KilledProcessCanary are comparing it to the repositories listed below.
- My conference presentations☆66Updated last year
- YARI is an interactive debugger for YARA Language.☆88Updated last week
- Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.☆46Updated 5 years ago
- ☆60Updated 5 years ago
- Simple PowerShell script to enable process scanning with Yara.☆94Updated 2 years ago
- Fraktal's Ransomware Emulator☆102Updated last year
- A simple command line program to help defenders test their detections for network beacon patterns and domain fronting☆69Updated 3 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆73Updated 3 years ago
- Using Microsoft 365 App Passwords for persistence☆23Updated 4 years ago
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity☆93Updated 3 years ago
- Rip Raw is a small tool to analyse the memory of compromised Linux systems.☆131Updated 3 years ago
- C# User Simulation☆32Updated 2 years ago
- A zero dependency and customizable Python library for scanning Windows and Linux process memory.☆66Updated last year
- XOR Key Extractor☆50Updated 10 months ago
- Carbon Black Response IR tool☆53Updated 4 years ago
- See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)☆105Updated 2 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆111Updated 6 years ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆85Updated this week
- ☆108Updated 3 years ago
- Yara Rules for Modern Malware☆77Updated last year
- Machine Interrogation To Identify Gaps & Techniques for Execution☆32Updated 2 years ago
- Blueteam operational triage registry hunting/forensic tool.☆148Updated 2 years ago
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office☆35Updated 2 years ago
- ☆38Updated 3 years ago
- Powershell Event Tracing Toolbox☆75Updated 3 years ago
- Pushes Sysmon Configs☆88Updated 4 years ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆60Updated 2 years ago
- Indicators of compromise, YARA rules, and Python scripts to supplement the SANS CTI Summit 2021 talk: "xStart when you're ready".☆14Updated 3 years ago
- The following repository contains a modified version of SUNBURST with cracked hashes, comments and annotations.☆56Updated 4 years ago
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆63Updated 2 years ago