csimpson4
Follow
Stars
A set of Zeek scripts to detect ATT&CK techniques.
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w…
Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"
Extract files from network traffic with Zeek.
Bro scripts for the ROCK platform. http:https://rocknsm.io
Detection of obfuscated Powershell commands
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
Online hash checker for Virustotal and other services
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Th…
Zeek-Formatted Threat Intelligence Feeds
Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.
A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for further processing!
Cuckoo 3 is a Python 3 open source automated malware analysis system.
Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.
Malware samples, analysis exercises and other interesting resources.
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
A not so awesome list of malware gems for aspiring malware analysts
Collaborative Incident Response platform
Student-created Linux Binary Exploitation course taught at George Mason University in the Spring and Fall semesters of 2021.
Labs for Practical Malware Analysis & Triage
Detection Ideas & Rules repository.