(Anti-)Anti-Rootkit Techniques - Part I: UnKovering mapped rootkits

Defending
0xflux/Sanctum: Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
Tracecat - Open source Tines / Splunk SOAR alternative
Tracecat is the open source Tines / Splunk SOAR alternative. Unlimited workflows, lookup tables, and case management. Self-host today.
No Agent, No Problem: Discovering Remote EDR | by Jonathan Johnson | Jun, 2025 | Medium
As the reader, I’m sure you’re thinking — “oh great, another EDR internals or bypass post”. I can fully understand that sentiment, as EDRs are quite the topic these days. However, this one is…
flowintel/flowintel: An open source platform to support analysts to organise their case and tasks
curated-intel/The-CTI-Research-Guide: A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners
intuitem/ciso-assistant-community: CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber, NCSC, ECC, SCF and so much more
Fibratus
Fibratus detects, protects, and eradicates advanced adversary tradecraft by scrutinizing and asserting a wide spectrum of system events against a behavior-driven rule engine and YARA memory scanner
OpenBAS-Platform/openbas: Open Breach and Attack Simulation Platform
thalesgroup-cert/Watcher: Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
CrowdSec Console
Yeti documentation
Search Engine for Source Code - PublicWWW.com
Search engine for source code - ultimate solution for digital marketing and affiliate marketing research.
About - Pivot Atlas
A pivoting handbook for cyber threat intel analysts
SpyGuard/SpyGuard: SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device.
ahmedkhlief/APT-Hunter: APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
cisagov/Malcolm: Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Grzegorz Tworek on Twitter / X
Eliminate a huge part of lateral movement scenarios with one command: "reg.exe add HKLM\SYSTEM\CurrentControlSet\Control /v DisableRemoteScmEndpoints /t REG_DWORD /d 1". It will make Service Control Manager deaf to remote management. Everything else works properly. pic.twitter.com/ltVUY84Hm4 — Grzegorz Tworek (@0gtweet) May 12, 2020
Nasreddine Bencherchali on Twitter / X
For my fellow ETW enthusiasts, you can use the Microsoft-JScript {57277741-3638-4A4B-BDBA-0AC6E45DA56C} Provider to detect this and many other JScript based activities 🚀 (such as HTA applications leveraging Jscript). EID 105 (and others) will capture both the binary and command… https://t.co/5sVf2FE4Yr pic.twitter.com/gwOqR2pbcG — Nasreddine Bencherchali (@nas_bench) February 28, 2024
You can find #Linux malware masquerading as a kernel thread - Agentless Linux Security on Twitter / X
You can find #Linux malware masquerading as a kernel thread using this command: cat /proc//maps. I'm going to show you how in this thread. #DFIR #sandflysecurity pic.twitter.com/E49dIQ06nC — Craig Rowland - Agentless Linux Security (@CraigHRowland) February 25, 2020
Detecting Offensive PowerShell Attack Tools
At DerbyCon V (2015), I presented on Active Directory Attack & Defense and part of this included how to detect & defend against PowerShell attacks. Update: I presented at BSides Charm (Baltimore) on PowerShell attack & defense in April 2016. More information on PowerShell Security: PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection The most ...
GitHub - 0xrawsec/kunai: Threat-hunting tool for Linux
stratosphereips/StratosphereLinuxIPS: Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.
GitHub - drk1wi/portspoof: Portspoof
eBPF for Cybersecurity - Part 1
What is eBPF? It was born out of a need for a better Linux tracing tool. It was first released in a limited capacity in 2014 with Linux 3.18; making full use of eBPF requires at least Linux 4.4 or above. eBPF can run sandboxed programs in the Linux kernel without changin...
CycodeLabs/raven
RAVEN (Risk Analysis and Vulnerability Enumeration for CI/CD) is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database.
KissPeter/APIFuzzer: Fuzz test your application using your OpenAPI or Swagger API definition without coding
nsacyber/ELITEWOLF: OT security monitoring #nsacyber
future-architect/vuls: Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
SiriusScan/Sirius