Pinned Repositories
awesome-malware-analysis
A curated list of awesome malware analysis tools and resources
Bro-NetworkSecurityMonitoring
Collection of Bro and bash scripts that, when run from the same directory on a Linux distro with Bro installed, will pull information such as active HTTP connections, FTP connections, etc. It also carves various types of files at the same time. They can be run against Snort logs or pcaps.
CS-Beacon-Detector
Custom Sniffer that listens for DNS beacons and analyzes the validity of alerts
DNShunter
DNShunter is a Python-based module written for MercenaryHuntFramework & Mercenary-Linux. Currently it reads in .pcap files and extracts the DNS queries and answers. In addition to extracting the queries & answers, it also performs a geo-lookup of the domains & the associated IPs. This makes it easy to catch attacks such as DNS cache poisoning and DNS beacons. EX: [Q] firstnationalbank.com -> resolving to Indonesia
maltrail
Malicious traffic detection system
NodeHunter
Python module that uses the Nmap API to enumerate a network and its hosts.
Registry_Enumerator
Package of modules that enumerate the Windows Registry (x86 & x64) on Win 7, 8, 8.1, 10. Outputs into an XML document.
runas
Modified version of Windows 'runas'...
simpleNMAP
Quick and dirty menu for Nmap
vdns
MHF Modules that import data directly into Neo4j DB
slacker007's Repositories
slacker007/Bro-NetworkSecurityMonitoring
Collection of Bro and bash scripts that, when run from the same directory on a Linux distro with Bro installed, will pull information such as active HTTP connections, FTP connections, etc. It also carves various types of files at the same time. They can be run against Snort logs or pcaps.
slacker007/CS-Beacon-Detector
Custom Sniffer that listens for DNS beacons and analyzes the validity of alerts
slacker007/runas
Modified version of Windows 'runas'...
slacker007/maltrail
Malicious traffic detection system
slacker007/OFF-CODE
slacker007/OFF-ToolKit
Framework for Registry Based Artifact Collection and Correlation
slacker007/ProcessMonitor
Provides processes and loaded DLLs, with absolute paths
slacker007/runas_v2
Modified version of Windows' runas. Allows you to specify local or domain credentials to run an executable (spawn a process and its primary thread) as a user of your choice. Program is designed to either run an executable or return a token that can be used for impersonation or lateral movement. This makes it useful to either run or simply import into another application.
slacker007/bro-intel-generator
Script for generating Bro intel files from pdf or html reports
slacker007/gephi-plugins-bootcamp
Out-of-the-box plug-in development suite. Contains examples for all types of plug-ins.
slacker007/Hale
Botnet command & control monitor
slacker007/PowerForensics
PowerShell - Live disk forensics platform
slacker007/python-wmi-client-wrapper
Linux-only wrapper around wmi-client for WMI (Windows)
slacker007/test
test_git