strontic / xcyclopedia
Encyclopedia for Executables
☆436Updated 3 years ago
Alternatives and similar repositories for xcyclopedia:
Users that are interested in xcyclopedia are comparing it to the libraries listed below
- Sysmon EDR POC Build within Powershell to prove ability.☆223Updated 3 years ago
- Misc Threat Hunting Resources☆374Updated 2 years ago
- Repository of YARA rules made by Trellix ATR Team☆583Updated 2 weeks ago
- C# based evtx parser with lots of extras☆296Updated 2 weeks ago
- MAL-CL (Malicious Command-Line)☆310Updated 2 years ago
- A repository of DFIR-related Mind Maps geared towards the visual learners!☆517Updated 2 years ago
- A collection of red team and adversary emulation resources developed and released by MITRE.☆499Updated 3 years ago
- #ThreatHunting #DFIR #Malware #Detection Mind Maps☆290Updated 3 years ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆705Updated last month
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆373Updated 2 years ago
- Collection of Event ID resources useful for Digital Forensics and Incident Response☆610Updated 9 months ago
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.☆559Updated 2 months ago
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆577Updated 10 months ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆844Updated 3 years ago
- Threat Hunting tool about Sysmon and graphs☆330Updated last year
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit…☆795Updated 3 months ago
- IOC from articles, tweets for archives☆313Updated last year
- A python script developed to process Windows memory images based on triage type.☆261Updated last year
- Sysmon configuration file template with default high-quality event tracing☆478Updated last year
- Event Tracing For Windows (ETW) Resources☆369Updated 5 months ago
- Collection of private Yara rules.☆345Updated 3 weeks ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆425Updated 4 years ago
- Hunting queries and detections☆780Updated 2 months ago
- ☆130Updated last year
- Public Repo for Atomic Test Harness☆266Updated 8 months ago
- Tool Analysis Result Sheet☆348Updated 7 years ago
- A wireshark plugin to instrument ETW☆552Updated 3 years ago
- A repo containing tools developed by Carbon Black's Threat Research Team: Threat Analysis Unit☆233Updated 3 years ago
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆569Updated last week
- This script is made to collect the most valuable artifacts for forensics or incident response investigation rather than imaging the whole …☆198Updated 4 years ago