Defending

Lateral movement is when attackers move from a compromised host to other hosts to expand their access and reach their goal. If threat hunters can detect malicious activity on an endpoint they may see similar indicators appearing on new machines when lateral movement has occurred. But if they can detect the lateral movement as it […]

Sandfly Linux Stealth Rootkit Decloaking Utility. Contribute to sandflysecurity/sandfly-processdecloak development by creating an account on GitHub.

GitHub Self-Hosted Runner Enumeration and Attack Tool - GitHub - praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool

It’s dangerous to defend the registry alone! Take this!

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with ❤️ by @last0x00 and @dottor_morte - Git...

A collection of awesome security hardening guides, tools and other resources - GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other reso...

HardeningKitty - Checks and hardens your Windows configuration - GitHub - scipag/HardeningKitty: HardeningKitty - Checks and hardens your Windows configuration

It’s dangerous to find malicious services alone! Take this!

Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS 🦀 - GitHub - matanolabs/mat...

SIEM Tactics, Techiques, and Procedures. Contribute to TonyPhipps/SIEM development by creating an account on GitHub.

ONYPHE is a Cyber Defense Search Engine for open-source and cyber threat intelligence data collected by crawling various sources available on the Internet or by listening to Internet background noise. ONYPHE does correlate this information with data gathered by performing active Internet scanning for connected devices and also by crawling Web site URLs. It then normalizes information and makes it available via an API and its query language.

Pulsedive is a free threat intelligence platform. Search, scan, and enrich IPs, URLs, domains and other IOCs from OSINT feeds or submit your own.

This project is a meta package, it will install all other Dissect modules with the right combination of versions. - GitHub - fox-it/dissect: This project is a meta package, it will install all othe...

Curated list of open-source & paid Attack Surface Monitoring (ASM) tools. - GitHub - 0xtavian/awesome-attack-surface-monitoring: Curated list of open-source & paid Attack Surface Mo...

Linux Runtime Security and Forensics using eBPF. Contribute to aquasecurity/tracee development by creating an account on GitHub.

YARI is an interactive debugger for YARA Language. - GitHub - avast/yari: YARI is an interactive debugger for YARA Language.

A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ... - GitHub - StrangerealIntel/Orion: A YARA rules repository continuously up...

Contribute to google/hashr development by creating an account on GitHub.

350+ IP blacklists, IP blocklists and IP Reputation feeds, about Cybercrime, Fraud, Botnets, Μalware, Virus, Abuse, Attacks, Open Proxies, Anonymizers. See their changes and updates, size over time, retention policy, geographic coverage, comparisons and overlaps.

Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system. - GitHub - arkime/arkime: Arkime (formerly Moloch) is an open source, large scale, ful...

CyLR - Live Response Collection Tool. Contribute to orlikoski/CyLR development by creating an account on GitHub.

It is Monday and you want to start your week by learning about a new adversarial technique and build detections around it. What is the…

eBPF-based Security Observability and Runtime Enforcement - GitHub - cilium/tetragon: eBPF-based Security Observability and Runtime Enforcement

Endpoint Behavioral Insights for Security Analysts and IT Professionals. Search our Insights database for filenames and hashes to see how Windows processes behave in the wild.

Signature base for my scanner tools. Contribute to Neo23x0/signature-base development by creating an account on GitHub.

Detectify analyzed 50,000 unique Nginx configuration files on GitHub and reported some common misconfigurations.

This post covers how Cobalt Strike staging works, how to replicate a staging request to obtain beacon shellcode, and then how to extract the Cobalt Strike config from the shellcode.