A library of adversary emulation plans to evaluate defensive capabilities against real-world threats.
Malstrom is a Cyber Intelligence Management Platform that serves as a repository for threat tracking, forensic artifacts, YARA rules, and investigation notes. It includes features like a dashboard, malware sample management, malware file details, threat tag cloud, and IOC extraction and storage. To install, clone the repository, input your VirusTotal API key, run bundle install, set up the database configuration, migrate the database, precompile assets, and start the server.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
A community-driven list of sample security analytics for auditing cloud usage and detecting threats in Google Cloud.
A Sysmon-based tool for investigating incidents in which users clicked links or attachments in emails or opened macro-enabled Word documents.
A threat hunter based on osquery and Salt Open that queries open network sockets against threat intelligence sources.