hxteam's Stars
secdev/scapy
Scapy: the Python-based interactive packet manipulation program & library.
DominicBreuker/pspy
Monitor Linux processes without root permissions
CISOfy/lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
ANSSI-FR/bmc-tools
RDP Bitmap Cache parser
jpr5/ngrep
ngrep is like GNU grep applied to the network layer. It's a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
simsong/tcpflow
TCP/IP packet demultiplexer. Download from:
corelight/zeek-community-id
Zeek support for Community ID flow hashing.
salesforce/hassh
HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.
salesforce/ja3
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
vp777/Windows-Non-Paged-Pool-Overflow-Exploitation
Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions demonstrated on CVE-2020-17087 and an off-by-one overflow
corelight/community-id-spec
An open standard for hashing network flows into identifiers, a.k.a. "Community IDs".
0x90/ss7-arsenal
SS7 tools and scripts
Yamato-Security/hayabusa-rules
Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
reversinglabs/reversinglabs-yara-rules
ReversingLabs YARA Rules
SafeBreach-Labs/PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
0xor0ne/awesome-list
Cybersecurity oriented awesome list
HavocFramework/Havoc
The Havoc Framework
gamozolabs/mesos
Binary coverage tool without binary modification for Windows
mvt-project/mvt
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
danmar/cppcheck
Static analysis of C/C++ code
hasherezade/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
xuanxuan0/DripLoader
Evasive shellcode loader for bypassing event-based injection detection (PoC)
janoglezcampos/DeathSleep
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
Cobalt-Strike/CallStackMasker
A PoC implementation for dynamically masking call stacks with timers.
klezVirus/SilentMoonwalk
PoC Implementation of a fully dynamic call stack spoofer
JLospinoso/gargoyle
A memory scanning evasion technique
arkime/arkime
Arkime is an open source, large scale, full packet capturing, indexing, and database system.
akamai/akamai-security-research
This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.
MicrosoftDocs/windowsserverdocs
Public content repository for Windows Server content.
CCob/BeaconEye
Hunts out CobaltStrike beacons and logs operator command output