Lists (20)
Stars
TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.
Living off the land Data Exfiltration methods
Docs and samples for privileged identity and access management in Microsoft Azure and Microsoft Entra.
A collection of Azure AD/Entra tools for offensive and defensive security purposes
Red team tool for abusing Commvault to achieve lateral movement, persistence, and file collection.
This project aims to be a drop-in replacement for the certstream server by Calidog. This tool aggregates, parses, and streams certificate data from multiple certificate transparency logs via websoc…
A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.
VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
Public repository of Sigma and YARA rules created by Synacktiv
Sublime rules for email attack detection, prevention, and threat hunting.
Public static website for the D3FEND project. For the D3FEND ontology repo see: https://github.com/d3fend/d3fend-ontology
A knowledge base of actionable Incident Response techniques
TheHive is a Collaborative Case Management Platform, now distributed as a commercial version
Small and highly portable detection tests based on MITRE's ATT&CK.
FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), generates timelines, and detects suspicious activities.
A tool for checking if MFA is enabled on multiple Microsoft Services
This repository is for Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports
A Python reference implementation for CZDS download zone file API