nccgroup / KilledProcessCanary
A canary designed to minimize the impact from certain Ransomware actors
☆98, updated 4 years ago
Alternatives and similar repositories for KilledProcessCanary
Users interested in KilledProcessCanary are comparing it to the repositories listed below.
- My conference presentations (☆66, updated last year)
- This repository contains procedures found in the Feb 2022 conti leaks. They were taken from the "manual_teams_c" rocketchat channel in th… (☆87, updated 3 years ago)
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix (☆73, updated 3 years ago)
- Random hunting-oriented YARA rules (☆96, updated 2 years ago)
- XOR Key Extractor (☆50, updated 9 months ago)
- Blueteam operational triage registry hunting/forensic tool. (☆147, updated 2 years ago)
- A collection of tools to interact with the Microsoft Security Response Center API (☆96, updated last year)
- Active C2 IoCs (☆99, updated 2 years ago)
- Simple PowerShell script to enable process scanning with YARA. (☆93, updated 2 years ago)
- Useful access control entries (ACE) on the system access control list (SACL) of securable objects to find potential adversarial activity (☆91, updated 3 years ago)
- A library for fast parsing and import of Windows Event Logs into Elasticsearch. (☆85, updated last month)
- Tool for assessing on-premises Microsoft server authentication such as ADFS, Skype, Exchange, and RDWeb (☆145, updated 4 years ago)
- A simple command line program to help defenders test their detections for network beacon patterns and domain fronting (☆69, updated 3 years ago)
- YARI is an interactive debugger for the YARA language. (☆88, updated 4 months ago)
- Threat intelligence and threat detection indicators (IOC, IOA) (☆52, updated 4 years ago)
- Fraktal's Ransomware Emulator (☆102, updated last year)
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition (☆63, updated 2 years ago)
- PowerShell Event Tracing Toolbox (☆75, updated 3 years ago)
- Automatically create YARA rules from malicious documents. (☆211, updated 3 years ago)
- Rip Raw is a small tool to analyse the memory of compromised Linux systems. (☆130, updated 3 years ago)
- Pushes Sysmon configs (☆88, updated 3 years ago)
- Detect possible Sysmon logging bypasses given a specific configuration (☆111, updated 6 years ago)
- Stand-alone parser for User Access Logging from Server 2012 and newer systems (☆73, updated last year)
- Repository with selected IOCs and YARA rules for threat hunting. (☆35, updated 2 weeks ago)
- Visual Studio Code extension for Microsoft Sysinternals Sysmon configuration files. (☆53, updated last year)
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data (☆39, updated 5 years ago)
- A YARA Rule Performance Measurement Tool (☆59, updated last year)
- PSAttck is a lightweight framework for the MITRE ATT&CK Framework. (☆38, updated 3 years ago)