- Minnesota
- aaronherman.co
- @aaron4h
Stars
A collection of tools and detections for the Sliver C2 Framework
A local-first personal finance app
Useful network monitoring, analysis, and active response tools used or mentioned in the SANS SEC503 course (https://www.sans.org/course/intrusion-detection-in-depth)
UI, API, and Scanner (Rules Engine) services for Merry Maker
Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
A command-line tool and Rust library with Python bindings for generating regular expressions from user-provided test cases
Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark
Scapy: the Python-based interactive packet manipulation program & library.
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Contains Logstash related content including tons of Logstash configurations
Identifies the bytes that Microsoft Defender flags on.
Automatically create YARA rules from malicious documents.
A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
GRR Rapid Response: remote live forensics for incident response
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Guidance for mitigating web shells. #nsacyber
A community version of the Open Decision Framework - A flexible, open approach to making decisions and leading projects
Script to perform bulk local GeoIP lookups (ASN and geo) for IP addresses
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.