yk's starred repositories
public-pentesting-reports
A list of public penetration test reports published by several consulting firms and academic security groups.
StratosphereLinuxIPS
Slips, a free-software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.
Hunting-Queries-Detection-Rules
KQL queries: Defender for Endpoint and Azure Sentinel hunting and detection queries in KQL. Out-of-the-box KQL queries for Advanced Hunting, Custom Detection, Analytics Rules and Hunting Rules.
macOS-Security-and-Privacy-Guide
Guide to securing and improving privacy on macOS
Events-Ripper
Project based on RegRipper to extract additional value and pivot points from a TLN events file.
multithreaded-exfil-detection
A simple way of detecting multithreaded exfiltration in Zeek.
it-depends
A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.
conti-leaks-englished
Google- and DeepL-translated Conti leaks, which were shared by a member of the Conti ransomware group.
spacesiren
A honey token manager and alert system for AWS.
threat-tools
Tools for simulating threats
memory-baseliner
Memory Baseliner is a script that can compare two Windows memory images or perform frequency-of-occurrence (data stacking) analysis across multiple such images.
FollinaExtractor
Extract payload URLs from Follina (CVE-2022-30190) DOCX and RTF files.
dfir-iris-misp-timesketch
Scripts to integrate DFIR-IRIS, MISP and TimeSketch
beacon-fronting
A simple command-line program to help defenders test their detections for network beacon patterns and domain fronting.