RocksDB/LevelDB inspired key-value database in Go

BadgerHold is an embeddable NoSQL store for querying Go types built on Badger

Template Based Sigma Parser

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

KQL Queries. Microsoft Defender, Microsoft Sentinel

AI app store powered by 24/7 desktop history. open source | 100% local | dev friendly | 24/7 screen, mic recording

Easy alternative to Blood Hound

FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log ag…

Simple and efficient pytorch-native transformer text generation in <1000 LOC of python.

Command and Control (C2) framework

Control for Tapo cameras as a Home Assistant component

Diffusion Bee is the easiest way to run Stable Diffusion locally on your M1 Mac. Comes with a one-click installer. No dependencies or technical knowledge needed.

This shared library allows to control Eufy security devices by connecting to the Eufy cloud servers and local/remote stations over p2p.

SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

A vulnerability scanner for container images and filesystems

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

kill anti-malware protected processes ( BYOVD ) ( Microsoft Won )

Lifetime AMSI bypass

Live Feed of C2 servers, tools, and botnets

Process Monitor Library (based on Apple's new Endpoint Security Framework)

Threat model for Amazon S3 - Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach

Suricata rule and intel index

This project aims to compare and evaluate the telemetry of various EDR products.

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for m…

singe's grep - a fast grep using single-file parallelism

monitor macOS for malicious activity

Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.