serrastusbear / NewDomainSearch
Script to pull newly-registered domains and check for similarity against a provided word list.
☆13Updated 4 years ago
Related projects: ⓘ
- Indicators of compromise relating to our report on APT10's targeting of global MSPs☆10Updated 6 years ago
- ☆22Updated 3 years ago
- Light System Examination Toolkit (LISET) - logs & activity & configuration gathering utility that comes handy in fast Windows incident re…☆27Updated 8 years ago
- A collection of threat intelligence data such as IOC, Yara and Snort/Suricata Rules etc.☆10Updated 5 years ago
- ☆12Updated 3 years ago
- ☆24Updated last year
- Presentation materials for talks I've given.☆20Updated 4 years ago
- An extendable tool to extract and aggregate IoCs from threat feeds☆32Updated 7 months ago
- Collection of scripts used to analyse malware or emails☆19Updated 3 years ago
- Attempt to replicate the functions of auto_rip by Corey Harrell in Python.☆13Updated last month
- Repository of tools, YARA rules, and code-snippets from Stairwell's research team.☆21Updated 7 months ago
- A collection of Indicators of Compromise (IoCs), most aligning with samples derived from the signatures in the YARA-Signatures repo☆30Updated 4 years ago
- Yara rules☆18Updated last year
- Repository for scripts and tips for "Yara Scan Service"☆20Updated last year
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 3 years ago
- Scripts to help hunt for possible golden/silver TGT tickets☆16Updated 7 years ago
- Links to malware-related YARA rules☆14Updated last year
- The Purpose of this research tool is to provide a Python client into RiskIQ API services.☆22Updated 3 years ago
- Threat hunting with EQL and Bro. This repo contains modifications to EQL and EQLLib to use BRO logs.☆8Updated 5 years ago
- Some rules, scripts of some use to us☆9Updated this week
- Can you pay the ransom in your country?☆13Updated 9 months ago
- Virustotal Data to Timesketch☆17Updated 5 years ago
- Home to the ActorTrackr source code☆27Updated 7 years ago
- Knowledge base of analytics designed to cover threats based on MITRE's ATT&CK.☆22Updated 5 years ago
- Steezy - Ghetto Yara Generation☆15Updated last year
- This is a repository for the public blog with Labs indicators of compromise.☆10Updated 4 years ago
- The mission of Black Lotus Labs is to leverage our network visibility to both help protect customers and keep the internet clean.☆11Updated 3 years ago
- ☆13Updated this week
- Gunslinger is used to hunt for Magecart sites using URLScan's API☆30Updated 2 years ago
- Easy way to create a MISP event related to a Phishing page☆17Updated last year