mq1n
Follow
av-edr-siem
Elastic Agent - single, unified way to add monitoring for logs, metrics, and other types of data to a host.
Adversary tradecraft detection, protection, and hunting
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
GRR Rapid Response: remote live forensics for incident response
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Cortex: a Powerful Observable Analysis and Active Response Engine
A PoC Windows Minifilter Driver in pure Rust (Don't use it in production)
This project aims to compare and evaluate the telemetry of various EDR products.
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
PoC Anti-Rootkit to uncover Windows Drivers/Rootkits mapped to Kernel Memory.
Platform that enables Windows driver development in Rust. Developed by Surface.
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Experimental: A rust library to monitor filesystem 🪛 and more in windows
A repository of sysmon configuration modules
Ransomware simulator written in Golang
INF Studio for easier working with driver installation files
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
SQL powered operating system instrumentation, monitoring, and analytics.
💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
A virtualization-based endpoint security solution for Windows
A curated list of awesome YARA rules, tools, and people.
Set of antianalysis techniques found in malware