Windows EVTX Samples [200 EVTX examples]

0 (0)

This container provides 200 Windows events samples related to specific attack and post-exploitation techniques, useful for testing detection scripts, training on DFIR and threat hunting, and designing detection use cases using Windows and Sysmon event logs. It includes a PowerShell script for parsing and replaying EVTX files with Winlogbeat.

Threat Management

Free

windows event-log sysmon powershell threat-hunting dfir

ALTERNATIVES

DailyIOC

0 (0)

A daily collection of IOCs from various sources, including articles and tweets.

Threat Management

Free

ioc yara apt

IOC Finder

0 (0)

Parse IOCs from text

Threat Management

Free

indicator-of-compromise ioc

VT_RuleMGR.py

0 (0)

Tool for managing Yara rules on VirusTotal

Threat Management

Free

threat-intelligence malware-analysis virus-total yara rule-management

SSLBL - SSL Blacklist

0 (0)

A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.

Threat Management

Free

c2 botnet ja3 ssl

OpenTAXII

0 (0)

A robust Python implementation of TAXII Services with a friendly pythonic API.

Threat Management

Free

python taxii

Private Yara Rules Repository

0 (0)

A repository of freely usable Yara rules for detection systems, with automated error detection workflows.

Threat Management

Free

malware-detection threat-intelligence yara rules security-rules