Trellix Advanced Research Center

Pinned Repositories

Creosote
Creosote is our solution to searching for the tarfile vulnerability described by CVE-2007-4559.
Language:Python83 9 314
CVE-2020-16898
CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
Language:Lua207 18 131
CVE-2020-16899
CVE-2020-16899 - Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
Language:Lua21 6 09
DarkSide-Config-Extract
33 9 010
DotDumper
An automatic unpacker and logger for DotNet Framework targeting files
Language:C#249 12 228
GhidraScripts
Scripts to run within Ghidra, maintained by the Trellix ARC team
Language:Java90 4 17
IOCs
Repository containing IOCs, CSV and MISP JSON from our blogs
Language:HTML79 20 119
NetLlix
A project created with an aim to emulate and test exfiltration of data over different network protocols.
Language:C#30 4 17
xbypass
A tool to facilitate ROP Chain Development for XML Character Sanitization
Language:Python18 8 27
Yara-Rules
Repository of YARA rules made by Trellix ATR Team
Language:YARA570 52 1080

Trellix Advanced Research Center's Repositories

advanced-threat-research/Yara-Rules
Repository of YARA rules made by Trellix ATR Team
Language:YARA570 52 1080
advanced-threat-research/DotDumper
An automatic unpacker and logger for DotNet Framework targeting files
Language:C#249 12 228
advanced-threat-research/CVE-2020-16898
CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
Language:Lua207 18 131
advanced-threat-research/GhidraScripts
Scripts to run within Ghidra, maintained by the Trellix ARC team
Language:Java90 4 17
advanced-threat-research/Creosote
Creosote is our solution to searching for the tarfile vulnerability described by CVE-2007-4559.
Language:Python83 9 314
advanced-threat-research/IOCs
Repository containing IOCs, CSV and MISP JSON from our blogs
Language:HTML79 20 119
advanced-threat-research/DarkSide-Config-Extract
33 9 010
advanced-threat-research/NetLlix
A project created with an aim to emulate and test exfiltration of data over different network protocols.
Language:C#30 4 17
advanced-threat-research/CVE-2020-16899
CVE-2020-16899 - Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
Language:Lua21 6 09
advanced-threat-research/xbypass
A tool to facilitate ROP Chain Development for XML Character Sanitization
Language:Python18 8 27
advanced-threat-research/Expert-Rules
17 9 03
advanced-threat-research/Ripple-20-Detection-Logic
Ripple20 Critical Vulnerabilities - Detection Logic and Signatures
Language:Lua11 3 04
advanced-threat-research/Threat-Reports
Repository to store the Threat Reports made by the McAfee Enterprise ATR Team
11 9 02
advanced-threat-research/ATR_HAX_CTF_2021
McAfee Enterprise Advanced Threat Research Capture the Flag
Language:Python8 6 04
advanced-threat-research/DotDumperGUI
A graphical user interface to easily read through, and filter, DotDumper JSON-based logs
Language:C#6 4 0
advanced-threat-research/ATR_HAX_CTF_2022
Trellix Advanced Threat Research CTF compitition of 2022
Language:Java5 5 02
advanced-threat-research/FIDBs
FunctionID databases for Ghidra to recover function symbols with from stripped binaries
3
advanced-threat-research/BSim
BSim signatures and databases for Ghidra to recover function symbols with
2
advanced-threat-research/DotDumperNative
The native (unmanaged) library which contains hooks for native functions that are hooked using DotDumper
Language:C++2 4 0
advanced-threat-research/Golang-Runtime-Binaries
A repository with a variety of compiled Golang binaries, each of which contains the entire Golang runtime for the given architecture for the specific Golang version
21
advanced-threat-research/Russian_CyberThreats_Yara
Repository with aggregated public source yara rules
2 4 01