Stars
Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique
Rapidly Search and Hunt through Windows Forensic Artefacts
A True Instrumentable Binary Emulation Framework
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Compile shellcode into an exe file from Windows or Linux.
NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The following binary network packet capture formats are supporte…
Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
Red Team's SIEM - a tool for Red Teams that tracks and alerts on Blue Team activities and improves usability in long-term operations.
Extract AutoIt scripts embedded in PE binaries
A VBA parser and emulation engine to analyze malicious macros.
Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.
A curated list of the most important and useful resources about Threat Detection, Hunting and Intelligence.
Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)
A toolset to make a system look as if it were the victim of an APT attack
Small and highly portable detection tests based on MITRE's ATT&CK.
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team p…
Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
Investigate malicious Windows logon by visualizing and analyzing Windows event log
Primary data pipelines for intrusion detection, security analytics and threat hunting
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.