Defending

It’s dangerous to find malicious services alone! Take this!

Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS 🦀 - GitHub - matanolabs/mat...

SIEM Tactics, Techiques, and Procedures. Contribute to TonyPhipps/SIEM development by creating an account on GitHub.

ONYPHE is a Cyber Defense Search Engine for open-source and cyber threat intelligence data collected by crawling various sources available on the Internet or by listening to Internet background noise. ONYPHE does correlate this information with data gathered by performing active Internet scanning for connected devices and also by crawling Web site URLs. It then normalizes information and makes it available via an API and its query language.

Pulsedive is a free threat intelligence platform. Search, scan, and enrich IPs, URLs, domains and other IOCs from OSINT feeds or submit your own.

This project is a meta package, it will install all other Dissect modules with the right combination of versions. - GitHub - fox-it/dissect: This project is a meta package, it will install all othe...

Curated list of open-source & paid Attack Surface Monitoring (ASM) tools. - GitHub - 0xtavian/awesome-attack-surface-monitoring: Curated list of open-source & paid Attack Surface Mo...

Linux Runtime Security and Forensics using eBPF. Contribute to aquasecurity/tracee development by creating an account on GitHub.

YARI is an interactive debugger for YARA Language. - GitHub - avast/yari: YARI is an interactive debugger for YARA Language.

A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ... - GitHub - StrangerealIntel/Orion: A YARA rules repository continuously up...

Contribute to google/hashr development by creating an account on GitHub.

350+ IP blacklists, IP blocklists and IP Reputation feeds, about Cybercrime, Fraud, Botnets, Μalware, Virus, Abuse, Attacks, Open Proxies, Anonymizers. See their changes and updates, size over time, retention policy, geographic coverage, comparisons and overlaps.

Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system. - GitHub - arkime/arkime: Arkime (formerly Moloch) is an open source, large scale, ful...

CyLR - Live Response Collection Tool. Contribute to orlikoski/CyLR development by creating an account on GitHub.

It is Monday and you want to start your week by learning about a new adversarial technique and build detections around it. What is the…

eBPF-based Security Observability and Runtime Enforcement - GitHub - cilium/tetragon: eBPF-based Security Observability and Runtime Enforcement

Endpoint Behavioral Insights for Security Analysts and IT Professionals. Search our Insights database for filenames and hashes to see how Windows processes behave in the wild.

Signature base for my scanner tools. Contribute to Neo23x0/signature-base development by creating an account on GitHub.

Detectify analyzed 50,000 unique Nginx configuration files on GitHub and reported some common misconfigurations.

This post covers how Cobalt Strike staging works, how to replicate a staging request to obtain beacon shellcode, and then how to extract the Cobalt Strike config from the shellcode.

Uncovering history with Velociraptor

Generic Signature Format for SIEM Systems. Contribute to SigmaHQ/sigma development by creating an account on GitHub.