pathtofile / siemcraft

Related projects: ⓘ

• mttaggart / wtfbins
  WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
  ☆149Updated 6 months ago
• NextronSystems / CyberChef
  CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition
  ☆62Updated 2 years ago
• CrowdStrike / SuperMem
  A python script developed to process Windows memory images based on triage type.
  ☆259Updated 9 months ago
• Nirusu / how-to-setup-a-honeypot
  How to setup a honeypot with an IDS, ELK and TLS traffic inspection
  ☆150Updated 2 years ago
• hashlookup / hashlookup-forensic-analyser
  Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https…
  ☆121Updated 11 months ago
• cado-security / varc
  Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…
  ☆248Updated 11 months ago
• hpthreatresearch / subcrawl
  SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w…
  ☆143Updated 11 months ago
• blacklotuslabs / IOCs
  IOCs published by Black Lotus Labs
  ☆91Updated this week
• The-DFIR-Report / Sigma-Rules
  Rules generated from our investigations.
  ☆186Updated last month
• mandiant / thiri-notebook
  The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…
  ☆154Updated 2 years ago
• M00NLIG7 / ChopChopGo
  Rapidly Search and Hunt through Linux Forensics Artifacts
  ☆174Updated 8 months ago
• SigmaHQ / sigma-specification
  Sigma rule specification
  ☆105Updated 3 weeks ago
• Cyb3r-Monk / RITA-J
  Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
  ☆192Updated 2 years ago
• Defenders-Guide / TheDefendersGuide
  The Github project for The Defender's Guide by Luke Paine and Jonathan Johnson
  ☆141Updated last year
• cado-security / rip_raw
  Rip Raw is a small tool to analyse the memory of compromised Linux systems.
  ☆131Updated 2 years ago
• jklepsercyber / defender-detectionhistory-parser
  A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
  ☆109Updated 2 years ago
• pulsedive / certrss
  ☆113Updated 11 months ago
• CERN-CERT / pDNSSOC
  Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC.
  ☆48Updated 2 weeks ago
• WithSecureLabs / detectree
  Data visualization for blue teams
  ☆122Updated last year
• AirbusProtect / AD-Canaries
  The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…
  ☆200Updated 9 months ago
• swimlane / atomic-operator
  A Python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments.
  ☆135Updated 2 months ago
• 0x706972686f / RMM-Catalogue
  ☆72Updated last month
• cgosec / Blauhaunt
  A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com…
  ☆159Updated 5 months ago
• SigmaHQ / sigma-cli
  The Sigma command line interface based on pySigma
  ☆130Updated last month
• cisagov / parsnip
  ☆68Updated this week
• mttaggart / seclab
  Automated security lab provisioning
  ☆65Updated 2 months ago
• gtworek / VolatileDataCollector
  ☆168Updated 8 months ago
• iknowjason / AutomatedEmulation
  An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed.
  ☆152Updated 2 months ago
• tsale / translated_conti_leaked_comms
  Leaked communication of Conti ransomware group from Jan 29, 2021 to Feb 27, 2022
  ☆128Updated 2 years ago