Automated YARA Rule Standardization and Quality Assurance Tool

Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!

Threat-hunting tool for Linux

Digger is an open source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline ⚡️

Map tracking ransomware, by OCD World Watch team

Placeholder for my detection repo and misc detection engineering content

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for m…

macOS Malware Collection

Substation is a toolkit for routing, normalizing, and enriching security event and audit logs.

Open Source Platform for storing, organizing, and searching documents related to cyber threats

Strelka Web UI for File Submission and Analysis

Project for tracking publicly disclosed DLL Hijacking opportunities.

Project for identifying executables and DLLs vulnerable to environment-variable based DLL hijacking.

Windows file metadata / forensic tool.

simple webapp for converting sigma rules into siem queries using the pySigma library

Pre-Built Vulnerable Environments Based on Docker-Compose

Gather and update all available and newest CVEs with their PoC.

Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.

GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet or Microsoft SharePoint List and exfiltrate files using Google Drive or…

pCraft is a PCAP Crafter, which creates a PCAP from an AMI scenario.

Fast Incident Response

Rapidly building a Windows 10 system to use for dynamic malware analysis (sandbox), sending data to Elastic Cloud.

Rapidly Search and Hunt through Windows Forensic Artefacts

A website and framework for testing NIDS detection

Yara Based Detection Engine for web browsers