Stars: 166 | Rank: 227,748 (Top 5 %) | Created about 4 years ago | Updated over 2 years ago


Repository Details

A list of my personal projects

BlueLedger

A list of my personal and community supported projects on Github and all other locations

Signatures

Sigma

Generic Signature Format for SIEM Systems

https://github.com/Neo23x0/sigma

Signature Base

Community supported YARA signature database for my scanners LOKI and THOR Lite

https://github.com/Neo23x0/signature-base

Godmode Rules

PoC rules that cover a lot of different techniques and generic indicators. The mantra is: "If you had only one shot, what would you aim for?"

Sigma https://gist.github.com/Neo23x0/811db09add59068a7a80273d7e5f6e0f

YARA https://gist.github.com/Neo23x0/f1bb645a4f715cb499150c5a14d82b44

Scanners

LOKI

Loki - Simple IOC Scanner

https://github.com/Neo23x0/Loki

THOR Lite

Fast and flexible multi-platform IOC and YARA scanner

https://www.nextron-systems.com/thor-lite/

Fenrir

Simple Bash IOC Scanner

https://github.com/Neo23x0/Fenrir

Malware Protection

Raccine

A Simple Ransomware Protection

https://github.com/Neo23x0/Raccine

Signature Work

yarGen

A YARA rule generator

https://github.com/Neo23x0/yarGen

Munin

Online hash checker for Virustotal and other services

https://github.com/Neo23x0/munin

Panopticon

A YARA rule performance measurement tool

https://github.com/Neo23x0/panopticon

Xorex

XOR Key Evaluator for Encrypted Executables

https://github.com/Neo23x0/xorex

yarAnalyzer

Yara Rule Analyzer and Statistics

https://github.com/Neo23x0/yarAnalyzer

Fnord

A pattern extractor for obfuscated code

https://github.com/Neo23x0/Fnord

YARA Rule Hash Generator

A generator that creates a unique hash over the relevant sections of a YARA rule

https://gist.github.com/Neo23x0/81990b8e5eb351a118dca1d5f2a2a86b

Base64 Encodings Learning Aid

Learning aid with the most common base64 encoded strings seen in malicious code

https://gist.github.com/Neo23x0/6af876ee72b51676c82a2db8d2cd3639

YARA Rule Performance Guidelines

Guidelines to help you write YARA rules that are fast and don't consume a lot of memory

https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7

Guides on How to Write YARA Rules

(a bit outdated but still okay)

How to Write Simple but Sound YARA Rules - Part1

How to Write Simple but Sound YARA Rules - Part2

How to Write Simple but Sound YARA Rules - Part3

50 Shades of YARA

How to Create a YARA Rule for a Compromised Certificate

Security Monitoring

AntiVirus Event Analysis Cheat Sheet

A cheat sheet that helps security monitoring analysts process events from their antivirus products in a reasonable manner.

https://www.nextron-systems.com/?s=antivirus

Web Proxy Event Analysis Cheat Sheet

A cheat sheet that helps security monitoring analysts process events from their web proxy products in a reasonable manner.

https://www.nextron-systems.com/?s=proxy+cheat

Auditd Best Practice Configuration

Best practice configuration for the Linux/Unix audit daemon.

https://github.com/Neo23x0/auditd

Threats

APT Groups and Operations Sheet

A Google Docs spreadsheet that tracks the different names and campaigns of well-known threat groups.

https://docs.google.com/spreadsheets/d/e/2PACX-1vTheajUWzRhTK0XhSI3_RnYVtUJvl8mlX8HlThPyCJGK1g5SBecgS78O1oeTFQxDYS0oWlKTg2pNLyb/pubhtml

APT Simulator

APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised (probably the most basic and simplest threat simulation tool available)

https://github.com/NextronSystems/APTSimulator

Article: The Newcomer’s Guide to Cyber Threat Actor Naming

https://medium.com/@cyb3rops/the-newcomers-guide-to-cyber-threat-actor-naming-7428e18ee263

Article: How to Fall Victim to Advanced Persistent Threats

https://www.nextron-systems.com/2016/05/04/how-to-fall-victim-to-apt/

Slide Decks

Security Analyst Workshop

Security analyst workshop slides, with useful tools and services

https://www.slideshare.net/FlorianRoth2/security-analyst-workshop-20200212

Maturity Model of Security Disciplines

Maturity Model of Security Disciplines (includes the table with the top log sources)

https://www.slideshare.net/FlorianRoth2/maturity-model-of-security-disciplines

Ransomware Resistance

The Pareto principle applied to a list of measures that increase malware resistance

https://www.slideshare.net/FlorianRoth2/ransomware-resistance

50 Shades of Sigma

Describe and Share Generic Threat Detection Methods

https://web.tresorit.com/l/lN841#uqbRHdXCFzVVX8obs1OEUw&viewer=HzCnrjmYjRWrou0r2qMfspRZSPFyv4RC

Other

DLLRunner

A tool to run DLL files in sandbox systems (from October 2014)

https://github.com/Neo23x0/DLLRunner

RadioCarbon

A leak file analyzer

https://github.com/Neo23x0/radiocarbon

Project Ideas

... (TBA)

More Repositories

1. Loki: Loki - Simple IOC and YARA Scanner (Python, 3,321 stars)
2. signature-base: YARA signature and IOC database for my scanners and tools (YARA, 2,426 stars)
3. yarGen: yarGen is a generator for YARA rules (Python, 1,518 stars)
4. auditd: Best Practice Auditd Configuration (1,448 stars)
5. Raccine: A Simple Ransomware Vaccine (C++, 945 stars)
6. munin: Online hash checker for Virustotal and other services (Python, 809 stars)
7. log4shell-detector: Detector for Log4Shell exploitation attempts (Python, 729 stars)
8. Fenrir: Simple Bash IOC Scanner (Shell, 680 stars)
9. yarAnalyzer: Yara Rule Analyzer and Statistics (Python, 356 stars)
10. vti-dorks: Awesome VirusTotal Intelligence Search Queries (325 stars)
11. Fnord: Pattern Extractor for Obfuscated Code (Shell, 295 stars)
12. DLLRunner: Smart DLL execution for malware analysis in sandbox systems (Python, 141 stars)
13. god-mode-rules: God Mode Detection Rules (YARA, 129 stars)
14. YARA-Performance-Guidelines: A guide on how to write fast and memory friendly YARA rules (122 stars)
15. evt2sigma: Log Entry to Sigma Rule Converter (Python, 104 stars)
16. yaraQA: YARA rule analyzer to improve rule quality and performance (Python, 93 stars)
17. Cyber-Search-Shortcuts: Browser Shortcuts for Cyber Security Related Online Services (78 stars)
18. exotron: Sandbox feature upgrade with the help of wrapped samples (Python, 75 stars)
19. Loki2: LOKI2 - Simple IOC and YARA Scanner (Rust, 73 stars)
20. ImpHash-Generator: PE Import Hash Generator (Python, 72 stars)
21. Rewind: Immediate Virus Infection Counter Measures (C#, 62 stars)
22. radiocarbon: Leak File Analyzer (Python, 62 stars)
23. tiny-shells: All kinds of tiny shells (59 stars)
24. panopticon: A YARA Rule Performance Measurement Tool (YARA, 58 stars)
25. LOLSecIssues: Cybersecurity's lighter side: a collection of the most amusing misunderstandings and missteps from newcomers to offensive security tools. A repository where naïveté in infosec is met with humor. (57 stars)
26. ti-falsepositives: A collection of typical false positive indicators (Python, 54 stars)
27. webshell-intel: Scan web server for known webshell names and responses (50 stars)
28. xorex: XOR Key Extractor (Python, 48 stars)
29. Talks: Slides of my public talks (46 stars)
30. cyber-chef-recipes: Recipes for GCHQ's CyberChef Web App (35 stars)
31. sysmon-version-history: An Unofficial Sysmon Version History (Change Log) (32 stars)
32. littlesnitch-log-exporter: LittleSnitch Log Statistics Exporter (Python, 32 stars)
33. YARA-Style-Guide: A specification and style guide for YARA rules (32 stars)
34. SkeletonKeyScanner: Scanner for the SkeletonKey Malware (Python, 30 stars)
35. ThreatResearch-Reporting-Guide: Offensive Research Guide to Help Defense Improve Detection (29 stars)
36. prisma: Command Line STDOUT Colorer (Python, 29 stars)
37. ReginScanner: Scanner for Regin Virtual Filesystems (Python, 26 stars)
38. space-id: Invisible Watermarks with Space Characters in ASCII Files (Python, 22 stars)
39. neolog: Windows Syslog Command Line Client (15 stars)
40. narsil: Spy Agency Teasing (Python, 14 stars)
41. yara-uuid-generator: A tool that adds reproducible UUIDs to YARA rules (Python, 13 stars)
42. WPWatcher: Wordpress Watcher is a wrapper for WPScan that manages scans on multiple sites and reports by email (Python, 11 stars)
43. defensive-project-ideas: Ideas for projects for defensive research or blue teaming (10 stars)
44. agile-hacking: Collection of hacks that make use of the least available on victim systems (Visual Basic, 8 stars)
45. CredsSpreader: A tool to spread canary credentials in your organisation (8 stars)
46. language-thor: Syntax Theme for THOR APT Scanner log files (5 stars)
47. yara-type-selectors: YARA rules that identify certain types of files without using YARA modules, to avoid their performance impact (YARA, 5 stars)
48. PassTweaker: Tweaks password files to match modern password requirements (Python, 5 stars)
49. speedy: (Demo) - Only used to demonstrate a memory leak caused by Golang regexp (Go, 4 stars)
50. loki-cloud: A flexible and lightweight way to execute LOKI on end systems (3 stars)
51. imphash-go: Imphash Generator (1 star)