bigbrobro's repositories
api-firewall
Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
APTLab-Analysis
Loading provenance graph from a set of CSV files
attack-flow
Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
Attack_Code
Full text of the article "Attack Code"; hopefully a good introductory resource on cloud security
backdoor_detection
This is a project used for detecting backdoors at different levels.
bloodyAD
BloodyAD is an Active Directory Privilege Escalation Framework
blue-teaming-with-kql
Repository with Sample KQL Query examples for Threat Hunting
EasyPen
EasyPen is a GUI program which helps pentesters do information gathering, vulnerability scan and exploitation
ee-outliers
Open-source framework to detect outliers in Elasticsearch events
fastjsonVul
Reproduction of the fastjson 80 remote code execution vulnerability
gotestwaf
An open-source project in Golang to assess different API security tools and WAFs for detection logic and bypasses
kestrel-huntbook
This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)
kestrel-lang
Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
Knowledge-enhanced-Attack-Graph
AttacKG: Constructing Knowledge-enhanced Attack Graphs from Cyber Threat Intelligence Reports
laurel
Transform Linux Audit logs for SIEM usage
Palantir
PalanTír: Optimizing Attack Provenance with Hardware-enhanced System Observability, ACM CCS'22
recon.cloud-cli
A bash script for scanning an AWS public cloud footprint and getting subdomains, service name, cname and region from recon.cloud
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on a highly configurable, streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and a simple yet intuitive user interface. reNgine makes it easy for penetration testers to gather reconnaissance data with minimal configuration, and with the help of reNgine's correlation it makes recon effortless.
rita
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
Sandman
Sandman is an NTP-based backdoor for red team engagements in hardened networks.
siembol
An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.
SIGMA-detection-rules
Set of SIGMA rules (>250) mapped to MITRE ATT&CK tactics and techniques
SPADE
SPADE: Support for Provenance Auditing in Distributed Environments
StratosphereLinuxIPS
Slips is a free-software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.
stratus-red-team
Granular, Actionable Adversary Emulation for the Cloud
SysmonQuiet
RDLL for Cobalt Strike beacon to silence sysmon process
Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, tools, etc.