Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
Direct Memory Access (DMA) Attack Software
A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Web Application Firewall or API Gateway
Unprivileged sandboxing tool
Moloch is an open source, large-scale, full packet capturing, indexing, and database system.
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".
Linux Malware Detection (LMD)
AntiVirus Evasion Tool
CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies
A collection of scripts and information for Malware Hunting.
Malicious HTTP traffic explorer
Fast Advanced Spam Analysis Tool
Cloud Security Suite - One stop tool for auditing the security posture of AWS & GCP infrastructure.