0xtornado

0xtornado's Stars

• plerionhq/conditional-love

  An AWS metadata enumeration tool by Plerion

  Language:Python727

• invictus-ir/Microsoft-Extractor-Suite

  A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.

  Language:PowerShell45466

• Yamato-Security/hayabusa

  Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  Language:Rust2.2k192

• cider-security-research/cicd-goat

  A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

  Language:Python1.9k314

• tsale/translated_conti_leaked_comms

  Leaked communication of Conti ransomware group from Jan 29, 2021 to Feb 27, 2022

  12825

• BinaryDefense/ThreatHuntingJupyterNotebooks

  Language:Jupyter Notebook5810

• satwikkansal/wtfpython

  What the f*ck Python? 😱

  Language:Python35.7k2.7k

• DvAu26/dfir-orc-config

  Configurations for DFIR ORC

  Language:Batchfile32

• VirusTotal/yara

  The pattern matching swiss knife

  Language:C8.2k1.4k

• byt3bl33d3r/OffensiveNim

  My experiments in weaponizing Nim (https://nim-lang.org/)

  Language:Nim2.8k351

• olafhartong/sysmon-modular

  A repository of sysmon configuration modules

  Language:PowerShell2.6k585

• OTRF/ThreatHunter-Playbook

  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

  Language:Python4k804

• SwiftOnSecurity/sysmon-config

  Sysmon configuration file template with default high-quality event tracing

  4.7k1.7k

• SigmaHQ/sigma

  Main Sigma Rule Repository

  Language:Python8.1k2.2k

• brimdata/zui

  Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.

  Language:TypeScript1.8k129

• CERT-Polska/malduck

  :duck: Malduck is your ducky companion in malware analysis journeys

  Language:Python31332

• salesforce/ja3

  JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

  Language:Python2.7k289

• CERT-Polska/mwdb-core

  Malware repository component for samples & static configuration with REST API interface.

  Language:Python31972

• exodusintel/CVE-2019-0808

  Win32k Exploit by Grant Willcox

  Language:JavaScript8840

• Azure/Azure-Sentinel

  Cloud-native SIEM for intelligent security analytics for your entire enterprise.

  Language:Jupyter Notebook4.5k3k

• elastic/detection-rules

  Language:Python1.9k488

• sbousseaden/PCAP-ATTACK

  PCAP Samples for Different Post Exploitation Techniques

  34174

• alphasoc/flightsim

  A utility to safely generate malicious network traffic patterns and evaluate controls.

  Language:Go1.2k132

• mandiant/capa

  The FLARE team's open-source tool to identify capabilities in executable files.

  Language:Python4.1k515

• mitre-attack/bzar

  A set of Zeek scripts to detect ATT&CK techniques.

  Language:Zeek55472

• ds4n6/ds4n6_lib

  Library of functions to apply Data Science in several forensics artifacts

  Language:Python377

• 504ensicsLabs/LiME

  LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

  Language:C1.7k336

• kevthehermit/RATDecoders

  Python Decoders for Common Remote Access Trojans

  Language:Python1.1k308

• bats3c/shad0w

  A post exploitation framework designed to operate covertly on heavily monitored environments

  Language:C2k322

• theevilbit/injection

  Language:C++785206