kolmai

kolmai's Stars

• danielbohannon/Invoke-CradleCrafter

  PowerShell Remote Download Cradle Generator & Obfuscator

  Language:PowerShell821160

• travisbgreen/hunting-rules

  Suricata rules for network anomaly detection

  15341

• MalwareTech/EDR-Preloader

  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer

  Language:C++39067

• pushsecurity/saas-attacks

  Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

  1.2k79

• target/Threat-Hunting

  Detection of obfuscated Powershell commands

  Language:Jupyter Notebook532

• Helixo32/CrimsonEDR

  Simulate the behavior of AV/EDR for malware development training.

  Language:C44637

• FourCoreLabs/firedrill

  firedrill is a malware simulation harness for evaluating your security controls

  Language:Go14118

• AutohostAI/meeting-notes

  Generate meeting notes for Google Meet using ChatGPT

  Language:Python323

• Azure/Azure-Sentinel-Notebooks

  Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.

  Language:Jupyter Notebook551190

• egaus/MaliciousMacroBot

  Language:Python15027

• DavidJBianco/huntlib

  A Python library to help with some common threat hunting data analysis operations

  12

• google/grr

  GRR Rapid Response: remote live forensics for incident response

  Language:Python4.8k765

• activecm/devprof

  Device profile: Define acceptable amounts of traffic for your devices and see a report of outliers.

  Language:Python162

• mytechnotalent/Reverse-Engineering

  A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM and embedded RISC-V architectures.

  Language:Assembly11.1k1k

• BinaryScary/NET-Obfuscate

  Obfuscate ECMA CIL (.NET IL) assemblies to evade Windows Defender AMSI

  Language:C#22950

• salesforce/jarm

  Language:Python1.2k142

• fashionproof/RunHijackHunter

  Language:PowerShell155

• 0x25bit/Updated-Carbanak-Source-with-Plugins

  https://twitter.com/itsreallynick/status/1120410950430089224

  Language:C++386221

• hatching/python-sandboxapi

  Minimal, consistent Python API for building integrations with malware sandboxes.

  Language:Python2

• Tylous/Limelighter

  A tool for generating fake code signing certificates or signing real ones

  Language:Go874127

• MichaelKoczwara/Awesome-CobaltStrike-Defence

  Defences against Cobalt Strike

  1.3k190

• zodiacon/syllabi

  6015

• pk-fr/yakpro-po

  YAK Pro - Php Obfuscator

  Language:PHP1.3k368

• hasherezade/hollows_hunter

  Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

  Language:C2k253

• hasherezade/malware_analysis

  Various snippets created during malware analysis

  Language:Python456124

• pan-unit42/wireshark-tutorial-Dridex-traffic

  pcaps for Wireshark tutorial about examining Dridex infection traffic

  167

• hx015/TH-Notebooks

  Language:Jupyter Notebook3

• grnet/emotet-utils

  Language:C274

• thomaspatzke/elk-detection-lab

  An ELK environment containing interesting security datasets.

  Language:Shell13325

• Infocyte/PSHunt

  Powershell Threat Hunting Module

  Language:PowerShell27666