Stars
Sublime rules for email attack detection, prevention, and threat hunting.
Public static website for the D3FEND project. For the D3FEND ontology repo see: https://github.com/d3fend/d3fend-ontology
A knowledge base of actionable Incident Response techniques
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Small and highly portable detection tests based on MITRE's ATT&CK.
FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates timelines, and detects suspicious activities.
A tool for checking if MFA is enabled on multiple Microsoft Services
This repository is for Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports
A Python reference implementation for CZDS download zone file API
BadZure orchestrates the setup of Azure AD tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack …
🕵️♂️ All-in-one OSINT tool for analysing any website
Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
A comprehensive list of usable Entra ID first-party clients with pre-consented Microsoft Graph scopes, in a single YAML file explorable with a simple HTML GUI.
Events from all manifest-based and mof-based ETW providers across Windows 10 versions