RandomRhythm

followers

following

stars

RandomRhythm's repositories

Vendor-Threat-Triage-Lookup

Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.

Language:VBScriptGPL-3.027 30

mal2csv

Malformed Access Log to CSV - Convert Web Server Access Logs to CSV

Language:PythonAGPL-3.015 20

Rhythm-CB-Scripts

Collection of scripts for use with Carbon Black Cb Response API

Language:VBScriptLGPL-3.014 40

YARA_Rules_Util

YARA duplicate rule detection and removal. YARA rule index creation. YARA rule file merger.

Language:Python9 4 1

threatintelligenceaggregator

Threat Intelligence Aggregator API example

Language:Python8 40

Web_Log_Deobfuscate

Deobfuscate various encodings that can be found in web logs.

Language:Python7 40

LevelUpDomain

Takes a list of domains and output one unique domain structure for each unique second (or third) level domain

Language:VBScript4 20

YARA_Rules_Project_Sorted_Ruleset

YARA rules sorted by file type from the Yara-Rules/rules repository

Language:YARAGPL-2.04 20

wEventLogSearch

Search Windows event log and output results to a text file

Language:C#3 20

CombineSpreadsheets

Combine all columns from two Microsoft Excel spreadsheets into one based on matching column values

Language:VBScript2 30

parse-ATTK

Trend Micro Anti-Threat Toolkit output parser

Language:VBScriptLGPL-3.02 20

Vectra_Detect_API

Vectra Detect API example in Python

Language:PythonAGPL-3.02 20

CBC_Vuln_Assessment

This script will take the CSV output and create a CSV with endpoints grouped by CVE and one with NVD descriptions

Language:PythonAGPL-3.01 20

convertDNS

Converts dns names to Microsoft DNS debug format. Example: google.com becomes (6)google(3)com(0)

Language:PythonMIT1 20

CSV_Condense

Select key columns in the CSV to track unique values and produce a condensed output

Language:PythonAGPL-3.01 20

Judge-Jury-and-Executable

File system forensics analysis and threat hunting tool. Scans file systems at the MFT and OS level and stored in SQL. Threats and data can be probed harnessing the power and syntax of SQL.

Language:CAGPL-3.01 20

process_tor

Process a CSV of tor alerts against the www.dan.me.uk/tornodes list to confirm if the IP and port are listed.

Language:PythonAGPL-3.01 20

Python_MixMode_API

Example API code in Python to work with MixMode PacketSled

Language:PythonAGPL-3.01 20

s1_blacklist_export

SentinelOne Blacklist Export

Language:PythonAGPL-3.01 20

Sort_YARA_Rules

Sort YARA Rules by File Type

Language:PythonAGPL-3.01 20

CAPEv2

Malware Configuration And Payload Extraction

Language:PythonNOASSERTION010

Cylance_Optics_YARA

PoC YARA scanner for Cylance Optics using .net YARA DLL via IronPython

Language:PythonUnlicense020

DnsClientCOM

COM object for performing DNS queries / lookups

Language:C#Apache-2.0020

nvd-cve-api

Wrapper to fetch cve information from NVD

Language:PythonMIT010

rules

Repository of yara rules

Language:YARAGPL-2.0010

timesketch

Collaborative forensic timeline analysis

Language:PythonApache-2.0010

timesketch-cli

A dedicated repo to interact with the API of Timesketch

Language:PythonApache-2.0010

TreeParse

Parse tree command output

Language:PythonAGPL-3.0020

winVulnAssess

Assess a mounted Windows volume for exploitable vulnerabilities

Language:VBScriptAGPL-3.0020

Yara-Rules

Repository of YARA rules made by McAfee Enterprise ATR Team

Language:YARAApache-2.0010