Built for the frontlines of cyber defense, our next-generation MISP empowers edge deployments and threat hunters with fast, lightweight, and actionable intelligence, anytime, anywhere.

Python 19 2 Updated Apr 7, 2026

Neo23x0 / Loki

Loki - Simple IOC and YARA Scanner

Python 3,742 623 Updated Jan 12, 2026

fhightower / ioc-finder

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regex…

Python 180 44 Updated Apr 6, 2026

brexhq / substation

Substation is a toolkit for routing, normalizing, and enriching security event and audit logs.

Go 395 32 Updated Jan 20, 2026

sublime-security / sublime-platform

A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing. Gain visibility and control, hunt for advanced threats, collaborate with the communit…

Shell 254 31 Updated Apr 7, 2026

intezer / linux-explorer

Easy-to-use live forensics toolbox for Linux endpoints

HTML 406 60 Updated Mar 3, 2024

microsoft / ProcMon-for-Linux

A Linux version of the Procmon Sysinternals tool

C 4,654 290 Updated Mar 25, 2026

SuperCowPowers / zat

Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark

Jupyter Notebook 453 110 Updated Mar 19, 2026

FoxIO-LLC / LogSlash

A standard for reducing log volume without sacrificing analytical capability

216 18 Updated Feb 21, 2025

tenzir / tenzir

Tenzir is the data pipeline engine for security teams.

C++ 734 104 Updated Apr 8, 2026

VirusTotal / yara

The pattern matching swiss knife

C 9,526 1,555 Updated Feb 10, 2026

mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.

Python 5,939 692 Updated Apr 7, 2026

brimdata / zui

Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.

TypeScript 1,935 136 Updated Feb 3, 2026

hasherezade / hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

C 2,334 288 Updated Apr 7, 2026

endgameinc / eql

Python 229 45 Updated Nov 18, 2025

Netflix / dispatch

All of the ad-hoc things you're doing to manage incidents today, done for you, and much more!

Python 6,427 656 Updated Sep 3, 2025

socprime / Uncoder_IO

An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.

Python 183 40 Updated Dec 2, 2025

redhuntlabs / RedHunt-OS

Virtual Machine for Adversary Emulation and Threat Hunting

1,316 200 Updated Jan 22, 2025

clong / DetectionLab

Automate the creation of a lab environment complete with security tooling and logging best practices

HTML 4,937 1,013 Updated Jul 6, 2024

ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

C 5,030 1,073 Updated Mar 22, 2026

Velocidex / velociraptor

Digging Deeper....

Go 3,880 603 Updated Apr 8, 2026

Oliver OliverGee

Lists (3)

Media

New

Social Media & Marketing

Starred repositories

Awesome Lists