sans-blue-team / freq.py
Mark Baggett's (@MarkBaggett - GSE #15, SANS SEC573 Author) tool for detecting randomness using NLP techniques rather than pure entropy calculations. Uses character pair frequency analysis to determine the likelihood of tested strings of characters occurring.
☆129 · Oct 24, 2022 · Updated 3 years ago
Alternatives and similar repositories for freq.py
Users that are interested in freq.py are comparing it to the libraries listed below
- This is a repository for freq.py and freq_server.py ☆214 · Feb 1, 2026 · Updated 2 weeks ago
- ☆227 · Nov 9, 2023 · Updated 2 years ago
- This repository is created to add value to existing Network Security Monitoring solutions. ☆42 · Sep 20, 2016 · Updated 9 years ago
- This repository is created to add value to existing Network Security Monitoring solutions. ☆17 · Sep 30, 2016 · Updated 9 years ago
- Indices for courses in SANS' Network Security Operations curriculum ☆17 · Feb 5, 2016 · Updated 10 years ago
- ☆2,383 · Oct 14, 2023 · Updated 2 years ago
- Tools, techniques, cheat sheets, and other resources to assist those defending organizations and detecting adversaries ☆457 · Feb 4, 2022 · Updated 4 years ago
- ☆196 · May 23, 2024 · Updated last year
- String extraction and classification tool for binary files, designed to extract only the strings that can be considered relevant (i.e. no… ☆10 · Aug 9, 2020 · Updated 5 years ago
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis… ☆2,514 · Jan 12, 2026 · Updated last month
- A Powershell incident response framework ☆1,639 · Nov 22, 2022 · Updated 3 years ago
- Learn about a network from a pcap file or reading from an interface ☆29 · Apr 6, 2024 · Updated last year
- SANS Blue Team Pages ☆13 · Apr 8, 2017 · Updated 8 years ago
- Network Forensics Workshop Files ☆17 · Apr 21, 2015 · Updated 10 years ago
- command line tool to use the DNSDB Flexible Search API extensions. ☆16 · Aug 5, 2024 · Updated last year
- An analytical framework for network traffic and behavioral analytics ☆457 · Dec 7, 2022 · Updated 3 years ago
- Configuration files for the SOF-ELK VM ☆1,715 · Jan 21, 2026 · Updated 3 weeks ago
- ☆50 · Aug 30, 2020 · Updated 5 years ago
- Cloud Templates and scripts to deploy mordor environments ☆129 · Mar 3, 2021 · Updated 4 years ago
- Synapse: a Meta Alert Feeder for TheHive, a Security Incident Response Platform ☆71 · Jul 28, 2023 · Updated 2 years ago
- Searches For Threat Hunting and Security Analytics ☆238 · Mar 26, 2025 · Updated 10 months ago
- Re-play Security Events ☆1,723 · Mar 20, 2024 · Updated last year
- Open-source framework to detect outliers in Elasticsearch events ☆208 · May 22, 2023 · Updated 2 years ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The… ☆177 · Jun 10, 2021 · Updated 4 years ago
- A Maltego transform and machine to identify possible phishing vectors using permutated domains ☆15 · Oct 14, 2015 · Updated 10 years ago
- ☆77 · Jun 25, 2019 · Updated 6 years ago
- Tool Analysis Result Sheet ☆356 · Dec 4, 2017 · Updated 8 years ago
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data ☆39 · Mar 23, 2020 · Updated 5 years ago
- The Hunting ELK ☆3,913 · Jun 1, 2024 · Updated last year
- Main Sigma Rule Repository ☆10,109 · Updated this week
- ☆23 · Jul 7, 2020 · Updated 5 years ago
- All-in-one bundle of MISP, TheHive and Cortex ☆169 · Sep 27, 2022 · Updated 3 years ago
- A repository of sysmon configuration modules ☆2,968 · Aug 21, 2024 · Updated last year
- Cyber Defence Monitoring Course Suite :: Suricata, Bro, Moloch ☆61 · Feb 20, 2017 · Updated 8 years ago
- ☆202 · Oct 31, 2021 · Updated 4 years ago
- Windows version of honeybits - a PoC tool to create breadcrumbs and honeytokens, to lead the attackers to your honeypots! ☆25 · Jun 19, 2017 · Updated 8 years ago
- Linux #rootkit and #malware revealer ☆31 · Aug 1, 2024 · Updated last year
- Top DNS Measurement for Bro ☆11 · Aug 22, 2020 · Updated 5 years ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom. ☆12 · Aug 26, 2024 · Updated last year