a tool to help operate in EDRs' blind spots
Updated Dec 2, 2024 - Python
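戎码之眼 is an ATT&CK-model-based threat monitoring tool for Windows. It effectively detects common unknown and known threats. A sharp sword for the defending side.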
PowerShell-based Automation of Defender for Endpoint
An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
Carbon Black API - Python language bindings
Python EDR system Example (server and client-side)
[benchmark] Trajectory similarity computation
Utilizing your Threat data from a MISP instance into CarbonBlack Response by exposing the data in the Threat Intelligence Feed.
Carbon Black - Facebook Threat Exchange Connector
Analysis-oriented command line tool for remote execution and triage via EDRs API
Sample pipeline demo highlighting how to integrate Falcon Container Sensor into ECS Fargate Workloads
Carbon Black - LastLine Binary Detonation Connector
CloudDog is a centralized EDR and WAF; it is able to identify and prevent web application attacks, SSH brute force and suspicious shell commands.
Import Cb Collective Defense Cloud Intelligence Feeds to air-gapped VMware Carbon Black EDR servers
A script that web scrapes multiple webpages for known vulnerable Windows drivers, SHA256 hashes all system drivers, and looks for matching driver names and SHA256 hashes.