Pinned Repositories
3aj-lib
Proof of concept communications from C# via a web browser process
AnalyzePDF
Tool to help analyze PDF files
arcosi
ArcOSI is the leading open source threat intelligence integration utility for ArcSight SIEM users.
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
AWS_zeek
Deploy zeek with a mirror
binarypig
Scalable Binary Data Extraction in Hadoop
bro-osquery
Bro integration with osquery
mics-scanjs
Static analysis tool for JavaScript code. ScanJS uses Acorn to convert sources to an AST, then walks the AST looking for patterns.
midas_patch
MIDAS Patch
neslog's Repositories
neslog/3aj-lib
Proof of concept communications from C# via a web browser process
neslog/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
neslog/AWS_zeek
Deploy zeek with a mirror
neslog/bro-osquery
Bro integration with osquery
neslog/bro-packages
Listing of Bro Packages
neslog/bro-sysmon
How to Zeek Sysmon Logs!
neslog/bro_scripts
Various Bro scripts
neslog/BroSysmon-Vagrant
Vagrant file to create Win32 VM for Bro-Sysmon Environment.
neslog/DET
(extensible) Data Exfiltration Toolkit (DET)
neslog/intel_feeds
Gathering list of intel feeds to use
neslog/ja3
JA3 is a standard for creating SSL client fingerprints in an easy-to-produce and shareable way.
neslog/JA3_SSL_Analysis
neslog/ja3_ua
JA3 mapping to HTTP UserAgent
neslog/malwoverview
Malwoverview.py is a first response tool to perform an initial and quick triage on either a directory containing malware samples or a specific malware sample.
neslog/misc-Hyara
Yara rule making tool (IDA Plugin)
neslog/packages
The default package source of the Zeek Package Manager
neslog/puppet_bro
Puppet module for installing bro.
neslog/puppet_examples
Samples of Puppet manifests
neslog/RATs
Collection of Remote Administration Tool samples
neslog/raw
The missing link between spreadsheets and data visualization
neslog/sigma
Generic Signature Format for SIEM Systems
neslog/spicy-noise
A Spicy protocol analyzer for WireGuard
neslog/suricata
Mirror of the official OISF Suricata git repository
neslog/suricata-rpms
Suricata RPMs for CentOS/EL
neslog/tcpflow
TCP/IP packet demultiplexer
neslog/testssl
.exe which makes a few simple SSL calls
neslog/the-endorser
An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.
neslog/vaw_decode
vawtrak traffic decoder
neslog/zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
neslog/zeek-plugin-noise
Spicy-Noise implementation in Binpac.