A list of my personal and community-supported projects on GitHub and all other locations
Generic Signature Format for SIEM Systems
https://github.com/Neo23x0/sigma
Community-supported YARA signature database for my scanners LOKI and THOR Lite
https://github.com/Neo23x0/signature-base
PoC rules that cover a lot of different techniques and generic indicators. The mantra is: "If you had only one shot, what would you aim for?"
Sigma https://gist.github.com/Neo23x0/811db09add59068a7a80273d7e5f6e0f
YARA https://gist.github.com/Neo23x0/f1bb645a4f715cb499150c5a14d82b44
Loki - Simple IOC Scanner
https://github.com/Neo23x0/Loki
Fast and flexible multi-platform IOC and YARA scanner
https://www.nextron-systems.com/thor-lite/
Simple Bash IOC Scanner
https://github.com/Neo23x0/Fenrir
A Simple Ransomware Protection
https://github.com/Neo23x0/Raccine
A YARA rule generator
https://github.com/Neo23x0/yarGen
Online hash checker for Virustotal and other services
https://github.com/Neo23x0/munin
A YARA rule performance measurement tool
https://github.com/Neo23x0/panopticon
XOR Key Evaluator for Encrypted Executables
https://github.com/Neo23x0/xorex
Yara Rule Analyzer and Statistics
https://github.com/Neo23x0/yarAnalyzer
A pattern extractor for obfuscated code
https://github.com/Neo23x0/Fnord
A generator that creates a unique hash over the relevant sections of a YARA rule
https://gist.github.com/Neo23x0/81990b8e5eb351a118dca1d5f2a2a86b
Learning aid with the most common base64 encoded strings seen in malicious code
https://gist.github.com/Neo23x0/6af876ee72b51676c82a2db8d2cd3639
Guidelines to help you write YARA rules that are fast and don't consume a lot of memory
https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7
A bit outdated but still okay:
How to Write Simple but Sound YARA Rules - Part 1
How to Write Simple but Sound YARA Rules - Part 2
How to Write Simple but Sound YARA Rules - Part 3
How to Create a YARA Rule for a Compromised Certificate
A cheat sheet that helps security monitoring analysts process events from their antivirus products in a reasonable manner.
https://www.nextron-systems.com/?s=antivirus
A cheat sheet that helps security monitoring analysts process events from their web proxy products in a reasonable manner.
https://www.nextron-systems.com/?s=proxy+cheat
Best practice configuration for the Linux/Unix audit daemon.
https://github.com/Neo23x0/auditd
A Google Docs spreadsheet that tracks the different names and campaigns of well-known threat groups.
APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it had been compromised (probably the most basic and simplest threat simulation tool available).
https://github.com/NextronSystems/APTSimulator
https://medium.com/@cyb3rops/the-newcomers-guide-to-cyber-threat-actor-naming-7428e18ee263
https://www.nextron-systems.com/2016/05/04/how-to-fall-victim-to-apt/
Security analyst workshop slides, with useful tools and services
https://www.slideshare.net/FlorianRoth2/security-analyst-workshop-20200212
Maturity Model of Security Disciplines (includes the table with the top log sources)
https://www.slideshare.net/FlorianRoth2/maturity-model-of-security-disciplines
The Pareto principle applied to a list of measures that increase malware resistance
https://www.slideshare.net/FlorianRoth2/ransomware-resistance
Describe and Share Generic Threat Detection Methods
https://web.tresorit.com/l/lN841#uqbRHdXCFzVVX8obs1OEUw&viewer=HzCnrjmYjRWrou0r2qMfspRZSPFyv4RC
A tool to run DLL files in sandbox systems (from October 2014)
https://github.com/Neo23x0/DLLRunner
A leak file analyzer
https://github.com/Neo23x0/radiocarbon
... (TBA)