    Repositories list

    • 1300 Updated Dec 18, 2024
    • Jupyter Notebook
      0500 Updated Sep 9, 2024
    • Python
      4614020 Updated May 24, 2024
    • PowerShell
      1300 Updated Apr 5, 2024
    • Simple PowerShell script to enable process scanning with Yara.
      PowerShell
      GNU General Public License v3.0
      209001 Updated Oct 4, 2022
    • Microsoft Logic App for consuming Open Threat Exchange (OTX) data in Microsoft Sentinel / Log Analytics Workspace
      MIT License
      0200 Updated Sep 15, 2022
    • Ghidra script for extracting embedded Rust crate dependency strings from a compiled Rust binary
      Python
      32700 Updated Aug 9, 2022
    • A place to share attack chains for testing people, process, and technology with the entire community. The largest, public library of adversary emulation and adversary simulation plans! #ThreatThursday
      PowerShell
      MIT License
      88500 Updated Jul 27, 2022
    • decloaker

      Public
      A script that attempts to decloak symbiote activity, and some other LD_PRELOAD activity
      Shell
      0300 Updated Jun 26, 2022
    • sigma

      Public
      Generic Signature Format for SIEM Systems
      Python
      Other
      2.2k300 Updated Jun 10, 2022
    • Jupyter Notebook
      105810 Updated May 13, 2022
    • Python Flask web app that checks names for potential homoglyph characteristics and reports results in json format
      Python
      MIT License
      2300 Updated Apr 21, 2022
    • .Net Libraries (DLLs) re-written from scratch that emulate the functionality of Borat RAT for defense testing purposes
      C#
      MIT License
      0200 Updated Apr 14, 2022
    • A simple command line program to help defenders test their detections for network beacon patterns and domain fronting
      Go
      MIT License
      116600 Updated Feb 3, 2022
    • artillery

      Public
      The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
      Python
      2951k222 Updated Jan 6, 2022
    • Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228
      Python
      2414810 Updated Dec 20, 2021
    • List of mining pool domain names for use in detection logic
      1200 Updated Dec 20, 2021
    • 0100 Updated Nov 10, 2021
    • A repository of sysmon configuration modules
      PowerShell
      MIT License
      595500 Updated Jun 30, 2021
    • Security analyzers for the FSharp (F#) language
      F#
      MIT License
      43710 Updated May 24, 2021
    • IcedID Decryption Tool
      Python
      42800 Updated May 7, 2021
    • F#
      MIT License
      0000 Updated Jan 29, 2021
    • 0000 Updated Jan 8, 2021
    • A Myriad plugin for generating statically typed lossless wrappers around JToken given a schema.
      F#
      MIT License
      21520 Updated Jul 1, 2020
    • goatrider

      Public
      GoatRider is a simple tool that will dynamically pull down Artillery Threat Intelligence Feeds, TOR, AlienVaults OTX, and the Alexa top 1 million websites and do a comparison to a hostname file or IP file.
      Python
      Other
      4013821 Updated Nov 26, 2018