0xtornado's Stars
plerionhq/conditional-love
An AWS metadata enumeration tool by Plerion
invictus-ir/Microsoft-Extractor-Suite
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
Yamato-Security/hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
cider-security-research/cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
tsale/translated_conti_leaked_comms
Leaked communication of Conti ransomware group from Jan 29, 2021 to Feb 27, 2022
BinaryDefense/ThreatHuntingJupyterNotebooks
satwikkansal/wtfpython
What the f*ck Python? 😱
DvAu26/dfir-orc-config
Configurations for DFIR ORC
VirusTotal/yara
The pattern matching swiss knife
byt3bl33d3r/OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
olafhartong/sysmon-modular
A repository of sysmon configuration modules
OTRF/ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
SwiftOnSecurity/sysmon-config
Sysmon configuration file template with default high-quality event tracing
SigmaHQ/sigma
Main Sigma Rule Repository
brimdata/zui
Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.
CERT-Polska/malduck
🦆 Malduck is your ducky companion in malware analysis journeys
salesforce/ja3
JA3 is a standard for creating SSL client fingerprints in an easy-to-produce and shareable way.
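The JA3 method builds its fingerprint from five ClientHello fields (client version, cipher suites, extension types, supported groups, EC point formats), writes each as decimal values joined by `-`, joins the fields with `,`, drops GREASE placeholder values, and MD5-hashes the result. The script below is an added example, not code from the salesforce/ja3 repository: it parses a raw TLS record carrying a ClientHello and computes the JA3 string and hash. The `build_client_hello` helper and the `SAMPLE_CLIENT_HELLO` record it produces are constructed here purely as offline test input (zero random, a GREASE cipher and extension included to show they are filtered out).

```python
"""Compute a JA3 fingerprint from a raw TLS ClientHello record (added example)."""
import hashlib
import struct

# GREASE values (RFC 8701): 0x0a0a, 0x1a1a, ... 0xfafa. JA3 removes them from
# every field so that a client's randomised GREASE choices do not alter the hash.
GREASE = {(0x0A + 0x10 * i) << 8 | (0x0A + 0x10 * i) for i in range(16)}


def parse_client_hello(record: bytes) -> dict:
    """Extract the JA3-relevant fields from a TLS record containing a ClientHello."""
    content_type = record[0]
    rec_len = struct.unpack_from("!H", record, 3)[0]
    if content_type != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]

    pos = 0
    version = struct.unpack_from("!H", body, pos)[0]
    pos += 2 + 32                      # client_version, then 32-byte random
    pos += 1 + body[pos]               # session_id (length-prefixed)
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    ciphers = list(struct.unpack_from("!%dH" % (cs_len // 2), body, pos))
    pos += cs_len
    pos += 1 + body[pos]               # compression_methods (length-prefixed)

    extensions, curves, point_formats = [], [], []
    if pos < len(body):
        ext_total = struct.unpack_from("!H", body, pos)[0]
        pos += 2
        end = pos + ext_total
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            data = body[pos:pos + ext_len]
            pos += ext_len
            extensions.append(ext_type)
            if ext_type == 0x000A:     # supported_groups: u16 length + u16 list
                n = struct.unpack_from("!H", data, 0)[0]
                curves = list(struct.unpack_from("!%dH" % (n // 2), data, 2))
            elif ext_type == 0x000B:   # ec_point_formats: u8 length + u8 list
                point_formats = list(data[1:1 + data[0]])
    return {"version": version, "ciphers": ciphers, "extensions": extensions,
            "curves": curves, "point_formats": point_formats}


def ja3(record: bytes) -> tuple:
    """Return (ja3_string, ja3_md5) for a ClientHello record."""
    f = parse_client_hello(record)

    def field(values):
        return "-".join(str(v) for v in values if v not in GREASE)

    s = ",".join([str(f["version"]), field(f["ciphers"]), field(f["extensions"]),
                  field(f["curves"]), field(f["point_formats"])])
    return s, hashlib.md5(s.encode("ascii")).hexdigest()


# --- constructed sample input (not a real capture) ---------------------------
def _u16s(values):
    return struct.pack("!%dH" % len(values), *values)


def build_client_hello(version, ciphers, extensions):
    """Assemble a minimal TLS 1.x record carrying a ClientHello (test input only)."""
    body = struct.pack("!H", version) + bytes(32)         # version + zero random
    body += b"\x00"                                        # empty session_id
    body += struct.pack("!H", 2 * len(ciphers)) + _u16s(ciphers)
    body += b"\x01\x00"                                    # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


SAMPLE_CLIENT_HELLO = build_client_hello(
    0x0303,                                                # TLS 1.2 -> 771
    [0x2A2A, 0x1301, 0x1302, 0xC02B, 0xC02F],              # GREASE first, then real suites
    [
        (0x0A0A, b""),                                     # GREASE extension
        (0x0000, b"\x00\x0e\x00\x00\x0bexample.com"),      # server_name
        (0x000A, struct.pack("!H", 6) + _u16s([0x1A1A, 0x001D, 0x0017])),  # groups
        (0x000B, b"\x01\x00"),                             # ec_point_formats: uncompressed
        (0x000D, struct.pack("!H", 4) + _u16s([0x0403, 0x0804])),          # sigalgs
    ],
)

if __name__ == "__main__":
    ja3_str, ja3_md5 = ja3(SAMPLE_CLIENT_HELLO)
    print(ja3_str)   # 771,4865-4866-49195-49199,0-10-11-13,29-23,0
    print(ja3_md5)
```

Run it on a captured ClientHello by passing the raw record bytes to `ja3()`; the string is what you compare across tools, since the MD5 depends on every byte of it, including GREASE removal and field order.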
CERT-Polska/mwdb-core
Malware repository component for samples & static configuration with REST API interface.
exodusintel/CVE-2019-0808
Win32k Exploit by Grant Willcox
Azure/Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
elastic/detection-rules
sbousseaden/PCAP-ATTACK
PCAP Samples for Different Post Exploitation Techniques
alphasoc/flightsim
A utility to safely generate malicious network traffic patterns and evaluate controls.
mandiant/capa
The FLARE team's open-source tool to identify capabilities in executable files.
mitre-attack/bzar
A set of Zeek scripts to detect ATT&CK techniques.
ds4n6/ds4n6_lib
Library of functions to apply Data Science in several forensics artifacts
504ensicsLabs/LiME
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
kevthehermit/RATDecoders
Python Decoders for Common Remote Access Trojans
bats3c/shad0w
A post exploitation framework designed to operate covertly on heavily monitored environments
theevilbit/injection