Detecting DNS Spoofing, DNS Tunneling, DNS Exfiltration
☆36 · Sep 28, 2015 · Updated 10 years ago
Alternatives and similar repositories for dns_detection
Users that are interested in dns_detection are comparing it to the libraries listed below
- ☆55 · Mar 2, 2022 · Updated 4 years ago
- InvestigationPlaybookSpec ☆71 · Sep 26, 2017 · Updated 8 years ago
- Cuckoo Sandbox Local Maltego Transforms Project ☆49 · Jul 2, 2014 · Updated 11 years ago
- Splunk App to assist Sysmon Threat Hunting ☆38 · Mar 7, 2017 · Updated 8 years ago
- Ops-Trust Platform - Portal ☆21 · Aug 5, 2016 · Updated 9 years ago
- Training materials I've written. ☆11 · Nov 11, 2025 · Updated 3 months ago
- Splunk Searches and Dashboards for DNS Threat Hunting ☆10 · Mar 5, 2018 · Updated 7 years ago
- Teensy code to brute force a keylogger's unlock code ☆15 · Sep 5, 2016 · Updated 9 years ago
- Quick lookup files for SUNBURST Backdoor ☆12 · Dec 15, 2020 · Updated 5 years ago
- Home to the ActorTrackr source code ☆24 · Jun 21, 2017 · Updated 8 years ago
- Expert Investigation Guides ☆51 · Mar 18, 2021 · Updated 4 years ago
- PowerShell No Agent Hunting ☆111 · Apr 23, 2018 · Updated 7 years ago
- Code and templates required to build the DARPA open catalog. ☆17 · Mar 23, 2016 · Updated 9 years ago
- [ARCHIVED -- USE TXT2DETECTION] A command line tool that converts Sigma Rules into STIX 2.1 Objects. ☆12 · Feb 19, 2026 · Updated last week
- A Bro package to identify connections that are bursting (lots of data and transferring quickly). ☆13 · Oct 15, 2020 · Updated 5 years ago
- Enables dynamic translation of structured data between formats ☆14 · Dec 14, 2018 · Updated 7 years ago
- See here: ☆43 · Dec 6, 2012 · Updated 13 years ago
- Scripts for accessing and transforming cyber threat intelligence ☆26 · Nov 22, 2015 · Updated 10 years ago
- VPS infrastructure found in HT dumps ☆26 · Jul 10, 2015 · Updated 10 years ago
- Plugins for the Viper Framework ☆14 · Sep 21, 2019 · Updated 6 years ago
- A collection of bro_scripts and signatures ☆27 · Jun 26, 2019 · Updated 6 years ago
- A proof of concept demonstrating the use of Google Drive for command and control. ☆87 · Jul 19, 2018 · Updated 7 years ago
- Threat Intelligence distribution ☆31 · Dec 30, 2015 · Updated 10 years ago
- A Splunk app to use MISP in background ☆113 · Jan 8, 2026 · Updated last month
- Script for pulling events from a MISP database and converting them to Autofocus queries. ☆13 · Dec 28, 2015 · Updated 10 years ago
- The Suspicious Email Submitter is a discontinued browser extension (Chrome, Chromium, Firefox) for the easy submission of suspicious emai… ☆15 · Mar 6, 2023 · Updated 2 years ago
- Systematic Classification Engine for Advanced Data ANalysis ☆22 · Mar 6, 2017 · Updated 8 years ago
- ☆14 · Jul 8, 2016 · Updated 9 years ago
- Zeek plugin to generate data on per-packet sizes and intervals ☆14 · Apr 21, 2020 · Updated 5 years ago
- Website letting users query information from many different security threat intelligence APIs ☆26 · Sep 30, 2020 · Updated 5 years ago
- ☆14 · Aug 28, 2016 · Updated 9 years ago
- Network Forensics Bro scripts & pcap samples ☆63 · Mar 11, 2014 · Updated 11 years ago
- Attack Knowledge Base ☆101 · Jul 5, 2017 · Updated 8 years ago
- Generates YARA rules to detect malware using API hashing ☆17 · Mar 16, 2021 · Updated 4 years ago
- CyCAT.org taxonomies ☆15 · May 22, 2021 · Updated 4 years ago
- A Splunk app with saved reports derived from Sigma rules ☆73 · Apr 24, 2018 · Updated 7 years ago
- Exporting MISP event attributes to yara rules usable with Thor apt scanner ☆24 · Mar 27, 2017 · Updated 8 years ago
- brocon-15 scripts ☆13 · Apr 3, 2017 · Updated 8 years ago
- Deploy and maintain Sysmon through the Splunk Deployment Server ☆32 · Jul 30, 2020 · Updated 5 years ago