y3n11 / CaptainLinks
Userland API monitor for threat hunting
☆58Updated 5 years ago
Alternatives and similar repositories for Captain
Users that are interested in Captain are comparing it to the libraries listed below
Sorting:
- Random hunting ordiented yara rules☆97Updated 2 years ago
- Generate YARA rules for OOXML documents.☆38Updated 2 years ago
- Links to malware-related YARA rules☆15Updated 2 years ago
- ☆27Updated 3 years ago
- VSCode extension for the YARA pattern matching language☆64Updated last year
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆60Updated 2 years ago
- ConventionEngine - A Yara Rulepack for PDB Path Hunting☆38Updated 2 years ago
- This is a repository that is meant to hold detections for various process injection techniques.☆34Updated 5 years ago
- A repository that maps API calls to Sysmon Event ID's.☆122Updated 2 years ago
- Machine Interrogation To Identify Gaps & Techniques for Execution☆32Updated 2 years ago
- YARA rule analyzer to improve rule quality and performance☆102Updated 2 months ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆44Updated 4 years ago
- ☆15Updated 3 years ago
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.☆76Updated 3 years ago
- Telsy CTI Research Team☆57Updated 4 years ago
- Modular malware analysis artifact collection and correlation framework☆53Updated last year
- runsc loads 32/64 bit shellcode (depending on how runsc is compiled) in a way that makes it easy to load in a debugger. This code is base…☆36Updated 2 years ago
- Scripts and tools accompanying HP Threat Research blog posts and reports.☆50Updated last year
- A list of Mitre Caldera compatible emulation-plans☆14Updated 4 years ago
- Documentation and parsers for different anti-virus quarantine formats.☆42Updated 4 years ago
- ☆34Updated 2 years ago
- Various capabilities for static malware analysis.☆78Updated 9 months ago
- Python based CLI for MalwareBazaar☆37Updated 7 months ago
- ☆33Updated 3 years ago
- A repo to document API functions mapped to security events across diverse platforms☆75Updated 5 years ago
- Theat hunting notes in flat file format and mapped to MITRE's ATT&CK IDs☆42Updated 6 years ago
- Alternative YARA scanning engine☆70Updated 2 years ago
- Manipulate timestamps on NTFS☆52Updated 10 years ago
- ☆48Updated 5 years ago
- Collection of YARA signatures from individual research☆44Updated last year