Stars
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
A toolset to make a system look as if it was the victim of an APT attack
🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections.
A command line tool that turns NVD CVE records into STIX 2.1 Objects.
A curated list of GPT agents for cybersecurity
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commercial versions available from NetSection)
PowerShell tools to help defenders hunt smarter, hunt harder.
PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpose of generating attack telemetry in properly monitored Wind…
Python tool for converting files and office documents to Markdown.
M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response capabilities.
A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters to share knowledge, collaborate on techniques, and advance t…
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
A simple tool designed to create Atomic Red Team tests with ease.
This map lists the essential techniques to bypass anti-virus and EDR
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifyin…
Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers
Detect Tactics, Techniques & Combat Threats
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Zero shot vulnerability discovery using LLMs
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Small and highly portable detection tests based on MITRE's ATT&CK.
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
KQL Queries. Microsoft Defender, Microsoft Sentinel
KQL Detections for Microsoft Sentinel and Microsoft 365 Defender