Generic Signature Format for SIEM Systems

Open Source EDR for Windows

Zeek package for tracking long connections to report them before they have completed.

Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.

Apps to be used for Shuffle SOAR

An open standard for hashing network flows into identifiers, a.k.a "Community IDs".

Workflows for Shuffle

Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network.

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

Zeek Unit Testing. Provides a framework to write unit tests for Zeek scripts.

PCAP Samples for Different Post Exploitation Techniques

Search for potential frontable domains

A set of Zeek scripts to detect ATT&CK techniques.

Misc. Bro scripts

DNS Rebinding Exploitation Framework

Zeek script using the official ICANN Top-Level Domain (TLD) list with the Input Framework to extract the relevant information from a DNS query and mark whether it's trusted or not. The source of th…

DNS Dashboard for hunting and identifying beaconing

Gathering of scripts that explore using Zeek to detect MITRE ATT&CK techniques.

A list of Domain Frontable Domains by CDN

Bro analyzer for LDAP write operations

Metasploit Framework

Tunnel IP over ICMP.

Various Bro scripts