  • Stars: 2
  • Language: (not shown)
  • Created over 2 years ago
  • Updated over 2 years ago


Repository Details

Repository with aggregated public source yara rules

More Repositories

  1. Yara-Rules (YARA, 560 stars): Repository of YARA rules made by Trellix ATR Team
  2. DotDumper (C#, 246 stars): An automatic unpacker and logger for DotNet Framework targeting files
  3. CVE-2020-16898 (Lua, 207 stars): CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
  4. Creosote (Python, 83 stars): Creosote is our solution to searching for the tarfile vulnerability described by CVE-2007-4559.
  5. IOCs (HTML, 78 stars): Repository containing IOCs, CSV and MISP JSON from our blogs
  6. GhidraScripts (Java, 73 stars): Scripts to run within Ghidra, maintained by the Trellix ARC team
  7. DarkSide-Config-Extract (31 stars)
  8. NetLlix (C#, 30 stars): A project created with an aim to emulate and test exfiltration of data over different network protocols.
  9. CVE-2020-16899 (Lua, 20 stars): CVE-2020-16899 - Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
  10. xbypass (Python, 18 stars): A tool to facilitate ROP Chain Development for XML Character Sanitization
  11. Expert-Rules (17 stars)
  12. Ripple-20-Detection-Logic (Lua, 11 stars): Ripple20 Critical Vulnerabilities - Detection Logic and Signatures
  13. Threat-Reports (11 stars): Repository to store the Threat Reports made by the McAfee Enterprise ATR Team
  14. ATR_HAX_CTF_2021 (Python, 8 stars): McAfee Enterprise Advanced Threat Research Capture the Flag
  15. DotDumperGUI (C#, 6 stars): A graphical user interface to easily read through, and filter, DotDumper JSON-based logs
  16. ATR_HAX_CTF_2022 (Java, 5 stars): Trellix Advanced Threat Research CTF competition of 2022
  17. DotDumperNative (C++, 2 stars): The native (unmanaged) library which contains hooks for native functions that are hooked using DotDumper
  18. Golang-Runtime-Binaries (1 star): A repository with a variety of compiled Golang binaries, each of which contains the entire Golang runtime for the given architecture for the specific Golang version
  19. BSim (1 star): BSim signatures and databases for Ghidra to recover function symbols with
  20. FIDBs (1 star): FunctionID databases for Ghidra to recover function symbols with from stripped binaries