| Name | Source | Description | Tags | File extensions |
|---|---|---|---|---|
| Loki | GitHub Release | Loki - Simple IOC and YARA Scanner | malware-analysis, ioc-scanner, yara, detection | .exe, .dll, .bin |
| MSRC | Git | Data from Microsoft Patch Tuesdays. | vulnerability, windows | |
| PatchaPalooza | Git | A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates. | vulnerability, windows, binary-diffing | |
| Shadow-Pulse | Git | Information about ransomware groups (Ransomware Analysis Notes) | threat-intelligence, ioc | |
| YARA | GitHub Release | YARA is a tool for identifying and classifying malware. | yara, malware-analysis, detection, detection-rules | .yar, .yara, .exe, .dll, .bin |
| chainsaw-rules | Git | A set of custom Chainsaw rules for event log threat hunting. | sigma, detection-rules | |
| god-mode-rules | Git | God Mode Detection Rules | yara, sigma, detection-rules | |
| legacy-sigmatools | Git | Legacy Sigma Tools (sigmac etc.) | sigma, detection-rules | |
| mkyara | Python | | yara, detection-rules, malware-analysis | .exe, .dll, .bin |
| ppdeep | Python | | hashing, fuzzy-hashing, binary-diffing | |
| pySigma-backend-loki | Python | | sigma, detection | .yml, .yaml |
| pysigma-backend-elasticsearch | Python | | sigma, detection, log-analysis, search | .yml, .yaml |
| pysigma-backend-splunk | Python | | sigma, detection, siem | .yml, .yaml |
| pysigma-backend-sqlite | Python | | sigma, detection, sqlite | .yml, .yaml |
| pysigma-pipeline-sysmon | Python | | sigma, detection, event-log, windows | .yml, .yaml |
| pysigma-pipeline-windows | Python | | sigma, detection, windows | .yml, .yaml |
| sigma | Git | Main Sigma Rule Repository | sigma, detection-rules, siem | |
| sigma-cli | Python | | sigma, detection, log-analysis | .yml, .yaml |
| signature-base | Git | YARA signature and IOC database for my scanners and tools. | yara, detection-rules, ioc | .yara |
| threat-intel | Git | Signatures and IoCs from public Volexity blog posts. | threat-intelligence, ioc | |
| yara-python | Python | | yara, malware-analysis, detection | .yar, .yara |
| yara-x | GitHub Release | yara-x is a faster and more flexible version of YARA. | yara, malware-analysis, detection, detection-rules | .yar, .yara, .exe, .dll, .bin |
| yq | GitHub Release | yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor. | yaml, data-processing, cli | .yaml, .yml, .json, .xml, .toml |