Giters

Neo23x0 / BlueLedger

A list of my personal projects

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

BlueLedger

A list of my personal and community supported projects on Github and all other locations

Signatures

Sigma

Generic Signature Format for SIEM Systems

https://github.com/Neo23x0/sigma

Signature Base

Community supported YARA signature database for my scanners LOKI and THOR Lite

https://github.com/Neo23x0/signature-base

Godmode Rules

PoC rules that cover a lot of different techniques and generic indicators. The mantra is If you had only one shot, what would you aim for?

Sigma https://gist.github.com/Neo23x0/811db09add59068a7a80273d7e5f6e0f

YARA https://gist.github.com/Neo23x0/f1bb645a4f715cb499150c5a14d82b44

Scanners

LOKI

Loki - Simple IOC Scanner

https://github.com/Neo23x0/Loki

THOR Lite

Fast and flexible multi-platform IOC and YARA scanner

https://www.nextron-systems.com/thor-lite/

Fenrir

Simple Bash IOC Scanner

https://github.com/Neo23x0/Fenrir

Malware Protection

Raccine

A Simple Ransomware Protection

https://github.com/Neo23x0/Raccine

Signature Work

yarGen

A YARA rule generator

https://github.com/Neo23x0/yarGen

Munin

Online hash checker for Virustotal and other services

https://github.com/Neo23x0/munin

Panopticon

A YARA rule performance measurement tool

https://github.com/Neo23x0/panopticon

Xorex

XOR Key Evaluator for Encrypted Executables

https://github.com/Neo23x0/xorex

yarAnalyzer

Yara Rule Analyzer and Statistics

https://github.com/Neo23x0/yarAnalyzer

Fnord

A pattern extractor for obfuscated code

https://github.com/Neo23x0/Fnord

YARA Rule Hash Generator

A generator that creates a unique hash over the relevant sections of a YARA rule

https://gist.github.com/Neo23x0/81990b8e5eb351a118dca1d5f2a2a86b

Base64 Encodings Learning Aid

Learning aid with the most common base64 encoded strings seen in malicious code

https://gist.github.com/Neo23x0/6af876ee72b51676c82a2db8d2cd3639

YARA Rule Performance Guidelines

Guidelines to help you write YARA rules that are fast and don't consume a lot of memory

https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7

How to write YARA Rules Guides

a bit outdated but still okay

How to Write Simple but Sound YARA Rules - Part1

How to Write Simple but Sound YARA Rules - Part2

How to Write Simple but Sound YARA Rules - Part3

50 Shades of YARA

How to Create a YARA Rule for a Compromised Certificate

Security Monitoring

AntiVirus Event Analysis Cheat Sheet

A cheat sheet that help security monitoring anylsts process events from their antivirus products in a reasonable manner.

https://www.nextron-systems.com/?s=antivirus

Web Proxy Event Analysis Cheat Sheet

A cheat sheet that help security monitoring anylsts process events from their web proxy products in a reasonable manner.

https://www.nextron-systems.com/?s=proxy+cheat

Auditd Best Practice Configuration

Best practice configuration for the Linux/Unix audit daemon.

https://github.com/Neo23x0/auditd

Threats

APT Groups and Operations Sheet

A Google Docs spreadsheet that tracks the different names and campaign of well-known threat groups.

https://docs.google.com/spreadsheets/d/e/2PACX-1vTheajUWzRhTK0XhSI3_RnYVtUJvl8mlX8HlThPyCJGK1g5SBecgS78O1oeTFQxDYS0oWlKTg2pNLyb/pubhtml

APT Simulator

APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised (probably the most basic and simplest threat simulation tool available)

https://github.com/NextronSystems/APTSimulator

Article: The Newcomer’s Guide to Cyber Threat Actor Naming

https://medium.com/@cyb3rops/the-newcomers-guide-to-cyber-threat-actor-naming-7428e18ee263

Article: How to Fall Victim to Advanced Persistent Threats

https://www.nextron-systems.com/2016/05/04/how-to-fall-victim-to-apt/

Slide Decks

Security Analyst Workshop

Security analyst workshop slides, with useful tools and services

https://www.slideshare.net/FlorianRoth2/security-analyst-workshop-20200212

Maturity Model of Security Disciplines

Maturity Model of Security Disciplines (includes the table with the top log sources)

https://www.slideshare.net/FlorianRoth2/maturity-model-of-security-disciplines

Ransomware Resistance

The Pareto principle applied to a list of measures that increase malware resistance

https://www.slideshare.net/FlorianRoth2/ransomware-resistance

50 Shades of Sigma

Describe and Share Generic Threat Detection Methods

https://web.tresorit.com/l/lN841#uqbRHdXCFzVVX8obs1OEUw&viewer=HzCnrjmYjRWrou0r2qMfspRZSPFyv4RC

Other

DLLRunner

A tool to run DLL files in sandbox systems (from October 2014)

https://github.com/Neo23x0/DLLRunner

RadioCarbon

A leak file analyzer

https://github.com/Neo23x0/radiocarbon

Project Ideas

... (TBA)

About

A list of my personal projects