neslog

3aj-lib

Proof of concept communications from C# via a web browser process

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

AWS_zeek

Deploy zeek with a mirror

bro-osquery

Bro integration with osquery

bro-packages

LIsting of Bro Packages

bro-sysmon

How to Zeek Sysmon Logs!

bro_scripts

Various Bro scripts

BroSysmon-Vagrant

Vagrant file to create Win32 VM for Bro-Sysmon Environment.

DET

(extensible) Data Exfiltration Toolkit (DET)

intel_feeds

Gathering list of intel feeds to use

ja3

JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

JA3_SSL_Analysis

ja3_ua

JA3 mapping to HTTP UserAgent

malwoverview

Malwoverview.py is a first response tool to perform an initial and quick triage on either a directory containing malware samples or a specific malware sample.

misc-Hyara

Yara rule making tool (IDA Plugin)

packages

The default package source of the Zeek Package Manager

puppet_bro

Puppet module for installing bro.

puppet_examples

Samples of Puppet manifests

RATs

Collection of Remote Administration Tool samples

raw

The missing link between spreadsheets and data visualization

sigma

Generic Signature Format for SIEM Systems

spicy-noise

A Spicy protocol analyzer for WireGuard

suricata

Mirror of the official OISF Suricata git repository

suricata-rpms

Suricata RPMs for CentOS/EL

tcpflow

TCP/IP packet demultiplexer

testssl

.exe which makes a few simple SSL calls

the-endorser

An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.

vaw_decode

vawtrak traffic decoder

zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

zeek-plugin-noise

Spicy-Noise implementation in Binpac.