MalwareLabMurphy

MalwareLabMurphy's Stars

• firstcontributions/first-contributions

  🚀✨ Help beginners to contribute to open source projects

  47.1k83.5k

• certsocietegenerale/IRM

  Incident Response Methodologies 2022

  1k169

• splunk/rba

  RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.

  509

• netbiosX/Checklists

  Red Teaming & Pentesting checklists for various engagements

  2.5k508

• FalconForceTeam/FalconFriday

  Hunting queries and detections

  76593

• swisskyrepo/PayloadsAllTheThings

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Language:Python63.6k15.1k

• microsoft/SysmonForLinux

  Sysmon for Linux

  Language:C1.8k195

• nasbench/SIGMA-Resources

  Resources To Learn And Understand SIGMA Rules

  17414

• reprise99/Sentinel-Queries

  Collection of KQL queries

  1.5k353

• chrivand/twitter_search_threatresponse

  Twitter Search to Cisco Threat Response Casebook [v1.0]

  Language:Python156

• chrivand/talos_blog_to_casebook

  This is a sample script how to parse the Talos blogs, and automatically add observables to Cisco Casebook.

  Language:Python187

• 0xDanielLopez/TweetFeed

  TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Here you will find malicious URLs, domains, IPs, and SHA256/MD5 hashes.

  52658

• stuhli/awesome-event-ids

  Collection of Event ID ressources useful for Digital Forensics and Incident Response

  60385

• fastfire/deepdarkCTI

  Collection of Cyber Threat Intelligence sources from the deep and dark web

  4.8k840

• k-bailey/detection-engineering-maturity-matrix

  9313

• splunk/attack_data

  A repository of curated datasets from various attacks

  Language:Python622100

• magnologan/awesome-k8s-security

  A curated list for Awesome Kubernetes Security resources

  1.9k289

• olafhartong/sysmon-modular

  A repository of sysmon configuration modules

  Language:PowerShell2.7k606

• tomnomnom/gron

  Make JSON greppable!

  Language:Go14k329

• trustedsec/SysmonCommunityGuide

  TrustedSec Sysinternals Sysmon Community Guide

  Language:CSS1.2k168

• NextronSystems/APTSimulator

  A toolset to make a system look as if it was the victim of an APT attack

  Language:Batchfile2.5k436

• murchisd/splunk_pstree_app

  Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)

  Language:Python234

• iamrootsh3ll/AnchorWatch

  A Rogue Device Detection Script with Email Alerts Functionality for Windows Subsystem

  Language:PowerShell10118

• mitre-attack/mitreattack-python

  A python module for working with ATT&CK

  Language:Python517118

• mitre-attack/attack-navigator

  Web app that provides basic navigation and annotation of ATT&CK matrices

  Language:TypeScript2.1k612

• redcanaryco/atomic-red-team

  Small and highly portable detection tests based on MITRE's ATT&CK.

  Language:C10.2k2.9k

• rabobank-cdc/DeTTECT

  Detect Tactics, Techniques & Combat Threats

  Language:SCSS2.1k341

• microsoft/Microsoft-365-Defender-Hunting-Queries

  Sample queries for Advanced hunting in Microsoft 365 Defender

  Language:Jupyter Notebook2k548

• threathunters-io/laurel

  Transform Linux Audit logs for SIEM usage

  Language:Rust74862

• Azure/Azure-Sentinel

  Cloud-native SIEM for intelligent security analytics for your entire enterprise.

  Language:Python4.9k3.1k