SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device. - SpyGuard/SpyGuard

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover su...

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts. - cisagov/Malcolm

Eliminate huge part of lateral movement scenarios with one command: "reg.exe add HKLM\SYSTEM\CurrentControlSet\Control /v DisableRemoteScmEndpoints /t REG_DWORD /d 1"It will make Service Control Manager deaf to remote management. Everything else works properly. pic.twitter.com/ltVUY84Hm4— Grzegorz Tworek (@0gtweet) May 12, 2020

For my fellow ETW enthusiasts, you can use the Microsoft-JScript {57277741-3638-4A4B-BDBA-0AC6E45DA56C} Provider to detect this and many other JScript based activities 🚀 (such as HTA applications leveraging Jscript)EID 105 (and others) will capture both the binary and command… https://t.co/5sVf2FE4Yr pic.twitter.com/gwOqR2pbcG— Nasreddine Bencherchali (@nas_bench) February 28, 2024

You can find #Linux malware masquerading as a kernel thread using this command:cat /proc//mapsI'm going to show you how in this thread. #DFIR #sandflysecurity pic.twitter.com/E49dIQ06nC— Craig Rowland - Agentless Linux Security (@CraigHRowland) February 25, 2020

At DerbyCon V (2015), I presented on Active Directory Attack & Defense and part of this included how to detect & defend against PowerShell attacks. Update: I presented at BSides Charm (Baltimore) on PowerShell attack & defense in April 2016. More information on PowerShell Security: PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection The most ...

Threat-hunting tool for Linux. Contribute to 0xrawsec/kunai development by creating an account on GitHub.

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CV...

Portspoof. Contribute to drk1wi/portspoof development by creating an account on GitHub.

What is eBPF ? born out of a need for a better Linux tracing tool. first released in a limited capacity in 2014 with Linux 3.18, making full use of eBPF at least Linux 4.4 or above eBPF can run sandboxed programs in the Linux kernel without changin...

RAVEN (Risk Analysis and Vulnerability Enumeration for CI/CD) is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database.

Fuzz test your application using your OpenAPI or Swagger API definition without coding - GitHub - KissPeter/APIFuzzer: Fuzz test your application using your OpenAPI or Swagger API definition withou...

OT security monitoring #nsacyber. Contribute to nsacyber/ELITEWOLF development by creating an account on GitHub.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices - GitHub - future-architect/vuls: Agent-less vulnerability scanner for Lin...

Contribute to SiriusScan/Sirius development by creating an account on GitHub.

Lateral movement is when attackers move from a compromised host to other hosts to expand their access and reach their goal. If threat hunters can detect malicious activity on an endpoint they may see similar indicators appearing on new machines when lateral movement has occurred. But if they can detect the lateral movement as it […]

Sandfly Linux Stealth Rootkit Decloaking Utility. Contribute to sandflysecurity/sandfly-processdecloak development by creating an account on GitHub.

GitHub Self-Hosted Runner Enumeration and Attack Tool - GitHub - praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool

It’s dangerous to defend the registry alone! Take this!

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with ❤️ by @last0x00 and @dottor_morte - Git...

A collection of awesome security hardening guides, tools and other resources - GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other reso...

HardeningKitty - Checks and hardens your Windows configuration - GitHub - scipag/HardeningKitty: HardeningKitty - Checks and hardens your Windows configuration

It’s dangerous to find malicious services alone! Take this!

Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS 🦀 - GitHub - matanolabs/mat...

SIEM Tactics, Techiques, and Procedures. Contribute to TonyPhipps/SIEM development by creating an account on GitHub.

ONYPHE is a Cyber Defense Search Engine for open-source and cyber threat intelligence data collected by crawling various sources available on the Internet or by listening to Internet background noise. ONYPHE does correlate this information with data gathered by performing active Internet scanning for connected devices and also by crawling Web site URLs. It then normalizes information and makes it available via an API and its query language.

Pulsedive is a free threat intelligence platform. Search, scan, and enrich IPs, URLs, domains and other IOCs from OSINT feeds or submit your own.

This project is a meta package, it will install all other Dissect modules with the right combination of versions. - GitHub - fox-it/dissect: This project is a meta package, it will install all othe...

Curated list of open-source & paid Attack Surface Monitoring (ASM) tools. - GitHub - 0xtavian/awesome-attack-surface-monitoring: Curated list of open-source & paid Attack Surface Mo...