There are no reviews yet. Be the first to send feedback to the community and the maintainers!
Yara-Rules
Repository of YARA rules made by Trellix ATR TeamDotDumper
An automatic unpacker and logger for DotNet Framework targeting filesCVE-2020-16898
CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and RuleCreosote
Creosote is our solution to searching for the tarfile vulnerability described by CVE-2007-4559.IOCs
Repository containing IOCs, CSV and MISP JSON from our blogsGhidraScripts
Scripts to run within Ghidra, maintained by the Trellix ARC teamDarkSide-Config-Extract
NetLlix
A project created with an aim to emulate and test exfiltration of data over different network protocols.CVE-2020-16899
CVE-2020-16899 - Microsoft Windows TCP/IP Vulnerability Detection Logic and Rulexbypass
A tool to facilitate ROP Chain Development for XML Character SanitizationExpert-Rules
Ripple-20-Detection-Logic
Ripple20 Critical Vulnerabilities - Detection Logic and SignaturesATR_HAX_CTF_2021
McAfee Enterprise Advanced Threat Research Capture the FlagDotDumperGUI
A graphical user interface to easily read through, and filter, DotDumper JSON-based logsATR_HAX_CTF_2022
Trellix Advanced Threat Research CTF compitition of 2022Russian_CyberThreats_Yara
Repository with aggregated public source yara rulesDotDumperNative
The native (unmanaged) library which contains hooks for native functions that are hooked using DotDumperGolang-Runtime-Binaries
A repository with a variety of compiled Golang binaries, each of which contains the entire Golang runtime for the given architecture for the specific Golang versionBSim
BSim signatures and databases for Ghidra to recover function symbols withFIDBs
FunctionID databases for Ghidra to recover function symbols with from stripped binariesLove Open Source and this site? Check out how you can help us