Defending

18 bookmarks
GitHub - StrangerealIntel/Orion: A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ...
A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ...
·github.com·
Windows System Calls For Hunters
Introduction: System calls are the ultimate high-level atomic actions that malware writers might control. System call sequences are the de facto ultimate way to divide behaviors between good and bad…
·marcoramilli.com·
GitHub - google/hashr
Contribute to google/hashr development by creating an account on GitHub.
·github.com·
DFIR triage and Timeline Analysis
During incident response, it is essential to establish a full context around the time of alert or when suspicious activity was identified…
·medium.com·
FireHOL IP Lists | IP Blacklists | IP Reputation Feeds
350+ IP blacklists, IP blocklists and IP reputation feeds, about cybercrime, fraud, botnets, malware, viruses, abuse, attacks, open proxies, anonymizers. See their changes and updates, size over time, retention policy, geographic coverage, comparisons and overlaps.
·iplists.firehol.org·
GitHub - arkime/arkime: Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
·github.com·
EchoTrail
Endpoint Behavioral Insights for Security Analysts and IT Professionals. Search our Insights database for filenames and hashes to see how Windows processes behave in the wild.
·echotrail.io·
Cobalt Strike Staging and Extracting Configuration Information
This post covers how Cobalt Strike staging works, how to replicate a staging request to obtain beacon shellcode, and then how to extract the Cobalt Strike config from the shellcode.
·blog.securehat.co.uk·