Hestat

lw-yara

Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies

ossec-sysmon

A Ruleset to enhance detection capabilities of Ossec using Sysmon

blazescan

Blazescan is a linux webserver malware scanning and incident response tool, with built in support for cPanel servers, but will run on any linux based server.

minerchk

Bash script to Check for malicious Cryptomining

calamity

A script to assist in processing forensic RAM captures for malware triage

soc-threat-hunting

Repo of python/bash scripts for identifying IoC's in threat feed and other online tools

intel-sharing

Repository of Information sharing on threats and indicators

ClamAV-CortexAnalyzer

Analyzer for TheHive Cortex Soc platform. Allows you to run observables against default and custom ClamAV rules.

cryptojacking-scanner

Python scanner for scanning websites for crypto-jacking miners.

drupal-check

Tool to dive Apache logs for evidence of exploitation of CVE-2018-7600

vt.py

Chimera

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

liquid

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

cobaltstrike

Code and yara rules to detect and analyze Cobalt Strike

Cortex-Analyzers

Cortex Analyzers Repository

CTRU

Linux Connection Tracking Utility

dnscat2-powershell

A Powershell client for dnscat2, an encrypted DNS command and control tool.

grab_beacon_config

misp-scripts

ShellPop

Pop shells like a master.

sitrep

velociraptor

Digging Deeper....

wdatp-hunts