Dettectinator - The Python library to your DeTT&CT YAML files.

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (pa…

Used to create wrappers and proxy libraries for Windows binaries.

OSSEM Data Dictionaries

TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.

Open Source Security Events Metadata (OSSEM)

STIX data representing MITRE ATT&CK

Template-Driven AV/EDR Evasion Framework

Xavier Framework is a user interface wrapper built on top of the Volatility(c) memory forensics framework.

DPAPILAB Next Gen, script collection

Web app that provides basic navigation and annotation of ATT&CK matrices

OSSEM Detection Model

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Cyber Threat Intelligence Repository expressed in STIX 2.0

Automate the creation of a lab environment complete with security tooling and logging best practices

Jupyter notebooks for Blue Teams.

A touch screen (Adafruit PiTFT 3.5") Sonos controller for Raspberry Pi. Runs in a docker container.

An unofficial nodejs API wrapper for Hyundai bluelink and Kia UVO

Hunting queries and detections

PowerShell Obfuscator

PowerShell Remote Download Cradle Generator & Obfuscator

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Splunk Boss of the SOC version 2 dataset.

attack2jira automates the process of standing up a Jira environment that can be used to track and measure ATT&CK coverage

Steal a primary token and spawn cmd.exe using the stolen token

A little tool to play with Windows security

Re-play Security Events

Actionable analytics designed to combat threats

Detect Tactics, Techniques & Combat Threats