a tool to help operate in EDRs' blind spots
Updated
Dec 2, 2024 - Python
戎码之眼 is a Windows threat-monitoring tool based on the ATT&CK model. It effectively detects common unknown and known threats. A sharp sword for defenders.
PowerShell-based Automation of Defender for Endpoint
An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
Carbon Black API - Python language bindings
Python EDR system Example (server and client-side)
[benchmark] Trajectory similarity computation
Utilizing your Threat data from a MISP instance into CarbonBlack Response by exposing the data in the Threat Intelligence Feed.
Carbon Black - Facebook Threat Exchange Connector
Analysis-oriented command line tool for remote execution and triage via EDRs API
Sample pipeline demo highlighting how to integrate Falcon Container Sensor into ECS Fargate Workloads
Carbon Black - LastLine Binary Detonation Connector
CloudDog is a centralized EDR and WAF; it can identify and prevent web application attacks, SSH brute-force attempts, and suspicious shell commands.
Import Cb Collective Defense Cloud Intelligence Feeds to air-gapped VMware Carbon Black EDR servers
PyCanary: command-line tool to monitor any directory for file access or file changes, log the event, send a basic alert to the user, and dump and process the information collected. A background thread also monitors all created processes and logs them for later analysis.