nbareil

seccomp-nurse

Sandboxing framework based on SECCOMP

docker-forensics

Incident response environment

SSTIC-Annex

Slides et Articles de sstic.org

pcap-merge

pcap-merge is as simple and dummy as its name

yara-dedup

Dedup yara rules based on their rule identifier

justanothergeek.chdir.org

My blog

yaraparser-go

scanning and parsing yara files just for fun, ⚠️ NOT (intented to be) FINISHED!

CobaltStrikeParser

cookiecutter-py-cli

docker-protobuf

All inclusive Protocol Buffer and gRPC suite, powered by Docker and Alpine

go-github

Go library for accessing the GitHub API

go-yara

Go bindings for YARA

govt

Virustotal API for Go

haydump

huntlib

A Python library to help with some common threat hunting data analysis operations

INDXParse

Tool suite for inspecting NTFS artifacts.

misp-rfc

Specifications used in the MISP project including MISP core format

misp-warninglists

Warning lists to inform users of MISP about potential false-positives or other information in indicators

mispgo

Golang library for MISP

msticpy

Microsoft Threat Intelligence Security Tools

mwclient

mwclient is a Python framework to interface with the MediaWiki API.

PyMISP

Python library using the MISP Rest API

python-registry

Pure Python parser for Windows Registry hives.

shellbags

Cross-platform, open-source shellbag parser

sigma

Generic Signature Format for SIEM Systems

star-and-clone

stenographer

Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com

til-manager

voila

Voilà turns Jupyter notebooks into standalone web applications

yara-parser

Tools for parsing rulesets using the exact grammar as YARA. Written in Go.