BinaryDefense/YaraMemoryScanner

Stars
87
Rank 378,873 (Top 8 %)
Language
PowerShell
License
GNU General Publi...
Created over 3 years ago
Updated about 2 years ago

BinaryDefense/YaraMemoryScanner

BinaryDefense

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Simple PowerShell script to enable process scanning with Yara.

log4j-honeypot-flask

Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228

auto-ossec

goatrider

GoatRider is a simple tool that will dynamically pull down Artillery Threat Intelligence Feeds, TOR, AlienVaults OTX, and the Alexa top 1 million websites and do a comparison to a hostname file or IP file.

beacon-fronting

A simple command line program to help defender test their detections for network beacon patterns and domain fronting

ThreatHuntingJupyterNotebooks

Jupyter Notebook

BinaryDefense.FSharp.Analyzers

Security analyzers for the FSharp (F#) language

IcedDecrypt

IcedID Decryption Tool

GhidraRustDependenciesExtractor

Ghidra script for extracting embedded Rust crate dependency strings from a compiled Rust binary

JsonWrapper

A Myriad plugin for generating statically typed lossless wrappers around JToken given a schema.

ARC-Labs-ML-Starter-Kit

Jupyter Notebook

glyph-hunter

Python Flask web app that checks names for potential homoglyph characteristics and reports results in json format

HiddenTaskHunter

ARC-Labs-Hunting-Queries

decloaker

A script that attempts to decloak symbiote activity, and some other LD_PRELOAD activity

mining-pools

List of mining pool domain names for use in detection logic

OTX-Microsoft-Logic-App

Microsoft Logic App for consuming Open Threat Exchange (OTX) data in Microsoft Sentinel / Log Analytics Workspace

borat-rat-plugin-emulators

.Net Libraries (DLLs) re-written from scratch that emulate the functionality of Borat RAT for defese testing purposes

RPCFirewall-LogParsers