Stars
Gosint is a distributed asset information collection and vulnerability scanning platform
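A neural-network-based PHP webshell detector; currently offers two network architectures, Attention and LSTM, and uses OPCODE as the feature basis
This program aims to make it easier for security incident responders to investigate Linux hosts: it automates a comprehensive host-side checklist, aggregates data from the detection results automatically, and traces the attacker's path.
Security Orchestration, Automation and Response (SOAR) Platform. Security automation without writing code; using SOAR lets teams work more efficiently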
A PHP7 extension that can hook most functions/classes and parts of opcodes
Taint is a PHP extension, used for detecting XSS codes
WeChat Official Accounts, Zhihu and CSDN blog code
Apache Airflow - A platform to programmatically author, schedule, and monitor workflows
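A Python reverse shell that uses DNS as the C2 channel
Machine-learning traffic detection of webshells: a webshell detection program based on deep packet inspection and the Bayesian algorithm
Suricata IDS rules for detecting red-team penetration, malicious behaviour and the like; supports detection of CobaltStrike/MSF/Empire/DNS tunnels/Weevely/China Chopper/Behinder/cryptomining/reverse shells/ICMP tunnels and more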
Oops, It's funny to detect a webshell. Temporarily not maintained
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Recommender systems built with a collaborative filtering algorithm and with TensorFlow, respectively
A curated list of Awesome Threat Intelligence resources
Machine Learning for Cyber Security