nasbench

Detection Engineering | Threat Hunting | Malware Analysis | Windows Internals | DFIR

@Splunk @SigmaHQ @magicsword-ioHAL

Pinned Repositories

MAL-CL
MAL-CL (Malicious Command-Line)
308 22 043
sigconverter.io
An opensource sigma conversion tool built using pysigma
Language:JavaScript100 5 1622
C2-Matrix-Indicators
This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix
72 5 02
EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
Language:Python349 16 468
MindMaps
#ThreatHunting #DFIR #Malware #Detection Mind Maps
282 17 137
Misc-Research
A collection of tools, scripts and personal research
Language:Python113 6 016
SEDR-Internals
Symantec EDR Internals
25 4 06
SIGMA-Resources
Resources To Learn And Understand SIGMA Rules
168 9 014
sigma
Main Sigma Rule Repository
Language:Python8.4k 344 6032.2k

nasbench's Repositories

nasbench/EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
Language:Python349 16 468
nasbench/Misc-Research
A collection of tools, scripts and personal research
Language:Python113 6 016
nasbench/sigma
Generic Signature Format for SIEM Systems
Language:Python6 0 14
nasbench/LOLDrivers
Living Off The Land Drivers
Language:YARA3 0 0
nasbench/Ransomware-Tool-Matrix
A resource containing all the tools each ransomware gangs uses
2
nasbench/sysmon-config
Sysmon configuration file template with default high-quality event tracing
2 0 0
nasbench/Zircolite
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Language:Python2 0 0
nasbench/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Language:C1 0 0
nasbench/droid
A pySigma wrapper to manage detection rules.
Language:Python1 0 0
nasbench/LOLRMM
LotL RMM
Language:MDX1
nasbench/sigmahq.github.io
Official Website Of The Sigma Project
Language:Vue1 0 0
nasbench/SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide
Language:CSS1 0 0
nasbench/The_Shelf
Retired TrustedSec Capabilities
Language:Python1 0 0
nasbench/threat-intel
This repository contains supplemental items including IOCs, and signatures discussed in Huntress blogposts, and other media.
Language:YARA1 0 0
nasbench/attack_range
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
nasbench/bootloaders
Language:YARA0 0
nasbench/HijackLibs
Project for tracking publicly disclosed DLL Hijacking opportunities.
0 0
nasbench/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Language:XSLT0 0
nasbench/pySigma
Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)
Language:Python0 01
nasbench/pySigma-backend-elasticsearch
pySigma Elasticsearch backend
Language:Python0 0
nasbench/pySigma-validators-sigmaHQ
Language:Python0 0
nasbench/sensor-mappings-to-attack
Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help detect real-world adversary behaviors in their environments.
Language:Python0 01
nasbench/sigconverter.io
A opensource sigma convertion tool built using pysigma
Language:HTML0 0
nasbench/sigma-cli
The Sigma command line interface based on pySigma
Language:Python0 0
nasbench/SIGMA-detection-rules
Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactic and techniques
nasbench/Sigma-Rules
Rules generated from our investigations.
Language:Shell0 0
nasbench/sigma-specification
Sigma rule specification
0 0
nasbench/signature-base
Signature base for my scanner tools
Language:YARA0 0
nasbench/ThreatHunting-Keywords-sigma-rules
Sigma detection rules for hunting with the threathunting-keywords project
Language:Python0 0
nasbench/vscode-sigma
Language:TypeScript0 0