Stars
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Original implementation and resources of DeepCASE as in the S&P '22 paper
Pure Python parser for Windows Event Log files (.evtx)
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset, to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover su…
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
500 Questions on Deep Learning: a question-and-answer treatment of common topics in probability, linear algebra, machine learning, deep learning, computer vision and other hot areas, written to help myself and any readers who need it. The book has 18 chapters and more than 500,000 characters. Given my limited ability, readers are warmly invited to point out any mistakes. To be continued............ For collaboration, contact [email protected]. All rights reserved; infringement will be prosecuted. Tan 2018.06
Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
Pre-Built Vulnerable Environments Based on Docker-Compose
Snort in Docker for Network Functions Virtualization (NFV)
📓 Long(er) text representation and classification using Doc2Vec embeddings
Suricata IDS rules for detecting red team intrusions and other malicious activity; supports detection of CobaltStrike/MSF/Empire/DNS tunnels/Weevely/Caidao (菜刀)/Behinder (冰蝎)/cryptomining/reverse shells/ICMP tunnels and more
One of a few malware collections on GitHub.
A little tool to play with Windows security
Pcaps for PeddleCheap and implant communication + script for interpreting and decrypting pcaps.
A collection of hacking / penetration testing resources to make you better!
Material from the DARPA Transparent Computing Program
A Linux Auditd rule set mapped to MITRE's Attack Framework