Scan files with Yara, match findings to VirusTotal comments.
BlueBox is an Open Source Intelligence (OSINT) solution that provides threat intelligence data about specific files, IPs, domains, and URLs, allowing for quick analysis of suspicious files or malware. It offers enrichment of threat intelligence for malware and observables, scales out to speed up threat info retrieval, and includes features such as static analysis of files, detection using YARA rules, machine learning for URL and phishing website detection, and extraction of lexical features to aid in identifying malicious websites. The application is built with Python3, Flask, JavaScript, Bootstrap, SQLAlchemy, Scikit-learn, JSON, and YARA rules.
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
A summary of the threat modeling posts and final thoughts on the process
Unified repository for Microsoft Sentinel and Microsoft 365 Defender containing security content, detections, queries, playbooks, and resources to secure environments and hunt for threats.
A Splunk app mapped to MITRE ATT&CK to guide threat hunts.
A tool for investigating incidents in which users click links or attachments in emails, or open macro-enabled Word documents, using Sysmon telemetry.