GitHub - aquasecurity/tracee: Linux Runtime Security and Forensics using eBPF
Linux Runtime Security and Forensics using eBPF. Contribute to aquasecurity/tracee development by creating an account on GitHub.
GitHub - avast/yari: YARI is an interactive debugger for YARA Language.
YARI is an interactive debugger for YARA Language. - GitHub - avast/yari: YARI is an interactive debugger for YARA Language.
GitHub - StrangerealIntel/Orion: A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ...
A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ... - GitHub - StrangerealIntel/Orion: A YARA rules repository continuously up...
GitHub - google/hashr
Contribute to google/hashr development by creating an account on GitHub.
Filesec.io
Caching Out: The Value of Shimcache for Investigators | Mandiant
FireHOL IP Lists | IP Blacklists | IP Reputation Feeds
350+ IP blacklists, IP blocklists and IP Reputation feeds, about Cybercrime, Fraud, Botnets, Μalware, Virus, Abuse, Attacks, Open Proxies, Anonymizers. See their changes and updates, size over time, retention policy, geographic coverage, comparisons and overlaps.
GitHub - arkime/arkime: Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system. - GitHub - arkime/arkime: Arkime (formerly Moloch) is an open source, large scale, ful...
GitHub - orlikoski/CyLR: CyLR - Live Response Collection Tool
CyLR - Live Response Collection Tool. Contribute to orlikoski/CyLR development by creating an account on GitHub.
Enter Mordor 😈: Pre-recorded Security Events from Simulated Adversarial Techniques 🛡
It is Monday and you want to start your week by learning about a new adversarial technique and build detections around it. What is the…
GitHub - cilium/tetragon: eBPF-based Security Observability and Runtime Enforcement
eBPF-based Security Observability and Runtime Enforcement - GitHub - cilium/tetragon: eBPF-based Security Observability and Runtime Enforcement
EchoTrail
Endpoint Behavioral Insights for Security Analysts and IT Professionals. Search our Insights database for filenames and hashes to see how Windows processes behave in the wild.
GitHub - Neo23x0/signature-base: Signature base for my scanner tools
Signature base for my scanner tools. Contribute to Neo23x0/signature-base development by creating an account on GitHub.
Home
Common Nginx misconfigurations that leave your web server open to attack
Detectify analyzed 50,000 unique Nginx configuration files on GitHub and reported some common misconfigurations.
Cobalt Strike Staging and Extracting Configuration Information
This post covers how Cobalt Strike staging works, how to replicate a staging request to obtain beacon shellcode, and then how to extract the Cobalt Strike config from the shellcode.
Digging into the System Resource Usage Monitor (SRUM)
Uncovering history with Velociraptor
sigma/rules at master · SigmaHQ/sigma
Generic Signature Format for SIEM Systems. Contribute to SigmaHQ/sigma development by creating an account on GitHub.