Threat Detection

GridPot is a honeypot framework that combines GridLAB-D, Conpot, and libiec61850 to simulate industrial control systems and detect attacks on power grid infrastructure.

Cloud-based virus scan APIs for securing files, URLs, and content uploads with advanced anti-virus and malware scanning capabilities.

A lightweight malware detection and removal tool that provides real-time protection against complex attacks while preserving system resources.

MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.

A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.

A serverless application that creates and monitors fake HTTP endpoints as honeytokens to detect attackers, malicious insiders, and automated threats.

A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices

A runtime threat management and attack path enumeration tool for cloud-native environments

A tool for identifying and analyzing Java serialized objects in network traffic

A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.

HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.

A collection of YARA rules for public use, built from intelligence profiles and file work.

A Go-based honeypot that mimics Intel's AMT management service to detect and log exploitation attempts targeting the CVE-2017-5689 firmware vulnerability.

YARA rules for ProcFilter to detect malware and threats

VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.

Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.

Comprehensive cybersecurity platform for hybrid and multi-cloud environments

A cross-platform network detection tool that identifies active Responder tools by sending LLMNR queries for fabricated hostnames.

A Certificate Transparency log monitor that alerts users when SSL/TLS certificates are issued for their domains, helping detect unauthorized certificate issuance and potential security threats.

A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.

An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.

A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.

Free tools for the CrowdStrike customer community to support their use of the Falcon platform.

A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.