Defending

An open source platform to support analysts to organise their case and tasks - flowintel/flowintel

A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners - curated-intel/The-CTI-Research-Guide

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC,...

Fibratus detects, protects, and eradicates advanced adversary tradecraft by scrutinizing and asserting a wide spectrum of system events against a behavior-driven rule engine and YARA memory scanner

Open Breach and Attack Simulation Platform.

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. - thalesgroup-cert/Watcher

Search engine for source code - ultimate solution for digital marketing and affiliate marketing research.

A pivoting handbook for cyber threat intel analysts

SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device. - SpyGuard/SpyGuard

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover su...

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts. - cisagov/Malcolm

Eliminate huge part of lateral movement scenarios with one command: "reg.exe add HKLM\SYSTEM\CurrentControlSet\Control /v DisableRemoteScmEndpoints /t REG_DWORD /d 1"It will make Service Control Manager deaf to remote management. Everything else works properly. pic.twitter.com/ltVUY84Hm4— Grzegorz Tworek (@0gtweet) May 12, 2020

For my fellow ETW enthusiasts, you can use the Microsoft-JScript {57277741-3638-4A4B-BDBA-0AC6E45DA56C} Provider to detect this and many other JScript based activities 🚀 (such as HTA applications leveraging Jscript)EID 105 (and others) will capture both the binary and command… https://t.co/5sVf2FE4Yr pic.twitter.com/gwOqR2pbcG— Nasreddine Bencherchali (@nas_bench) February 28, 2024

You can find #Linux malware masquerading as a kernel thread using this command:cat /proc//mapsI'm going to show you how in this thread. #DFIR #sandflysecurity pic.twitter.com/E49dIQ06nC— Craig Rowland - Agentless Linux Security (@CraigHRowland) February 25, 2020

At DerbyCon V (2015), I presented on Active Directory Attack & Defense and part of this included how to detect & defend against PowerShell attacks. Update: I presented at BSides Charm (Baltimore) on PowerShell attack & defense in April 2016. More information on PowerShell Security: PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection The most ...

Threat-hunting tool for Linux. Contribute to 0xrawsec/kunai development by creating an account on GitHub.

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CV...

Portspoof. Contribute to drk1wi/portspoof development by creating an account on GitHub.

What is eBPF ? born out of a need for a better Linux tracing tool. first released in a limited capacity in 2014 with Linux 3.18, making full use of eBPF at least Linux 4.4 or above eBPF can run sandboxed programs in the Linux kernel without changin...

RAVEN (Risk Analysis and Vulnerability Enumeration for CI/CD) is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database.

Fuzz test your application using your OpenAPI or Swagger API definition without coding - GitHub - KissPeter/APIFuzzer: Fuzz test your application using your OpenAPI or Swagger API definition withou...

OT security monitoring #nsacyber. Contribute to nsacyber/ELITEWOLF development by creating an account on GitHub.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices - GitHub - future-architect/vuls: Agent-less vulnerability scanner for Lin...

Contribute to SiriusScan/Sirius development by creating an account on GitHub.

Lateral movement is when attackers move from a compromised host to other hosts to expand their access and reach their goal. If threat hunters can detect malicious activity on an endpoint they may see similar indicators appearing on new machines when lateral movement has occurred. But if they can detect the lateral movement as it […]

Sandfly Linux Stealth Rootkit Decloaking Utility. Contribute to sandflysecurity/sandfly-processdecloak development by creating an account on GitHub.

GitHub Self-Hosted Runner Enumeration and Attack Tool - GitHub - praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool

It’s dangerous to defend the registry alone! Take this!