Starred repositories
Turn any blog into structured threat intelligence.
SOAR Automation with Shuffle, Wazuh & TheHive | This project integrates Shuffle SOAR, Wazuh SIEM, and TheHive to automate security incident response. It enriches alerts using VirusTotal & AbuseIPDB…
A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where we scanned 20k+ public AMIs.
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
Simple hunting script for suspicious M365 OAuth Apps
This repository contains a list of new remediation scripts.
Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration).
An OSINT tool to search for accounts by username and email in social networks.
A security analysis tool that identifies DNS queries made by browser extensions, empowering security teams to detect and investigate suspicious activities.
Shared lists of problem domains people may want to block with hosts files
Automagically reverse-engineer REST APIs via capturing traffic
LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
This repository provides a comprehensive collection of detection rules and threat intelligence focused on the malicious Chrome extensions supply-chain attack incident that occurred between 24-26 December.
A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.
This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository…
PowerShell tools to help defenders hunt smarter, hunt harder.
M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response capabilities.
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
Automation to assess the state of your M365 tenant against CISA's baselines
NoDelete is a tool that assists in malware analysis by locking a folder where malware drops files before deleting them.
Indicators of Compromise (IOC) from our various investigations
Cross-platform application to open any website or media in a floating window
A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters to share knowledge, collaborate on techniques, and advance t…
📚 A Curated List of Awesome Telegram OSINT Tools, Sites & Resources