Tanisha L. Turner
cybersecdiva.bsky.social
Cybersecurity Professional | Malware Researcher | Threat Hunter | <Detection> | SecOps
All Views expressed are my own.
Reposted by Tanisha L. Turner
Using KQL to Enhance Threat Detection rodtrent.substack.co...

#MustLearnKQL #KQL #KQLMysteries
April 30, 2025 at 12:00 PM
S-TIP (Seamless Threat Intelligence Platform) - A threat intelligence platform to convert CTI into STIX files for more comprehensive viewing and information sharing
Check it out: 🔥🔥

github.com/s-tip/stip-c...

#threatintel #STIX #threathunting #detectionengineering
#cybersecurity #infosec
GitHub - s-tip/stip-common: Seamless Threat Intelligence Platform
Seamless Threat Intelligence Platform. Contribute to s-tip/stip-common development by creating an account on GitHub.
github.com
March 6, 2025 at 5:33 PM
Matano - An open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Check it out:
github.com/matanolabs/m...

#threathunting #detectionengineering
#aws
#cybersecurity
#infosec
GitHub - matanolabs/matano: Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS - matanolabs/matano
github.com
February 23, 2025 at 12:57 AM
Catalyst - A self-hosted, open source incident response platform and ticket system that helps to automate alert handling and incident response processes
Check it out 🔥🔥:
github.com/SecurityBrew...

#DFIR #incidentresponse #alerttriage #cybersecurity
GitHub - SecurityBrewery/catalyst: ⚡️ Catalyst is a self-hosted, open source incident response platform and ticket system that helps to automate alert handling and incident response processes
⚡️ Catalyst is a self-hosted, open source incident response platform and ticket system that helps to automate alert handling and incident response processes - SecurityBrewery/catalyst
github.com
February 8, 2025 at 4:39 PM
Hayabusa - A sigma-based threat hunting and fast forensics 🔎 timeline generator for Windows event logs.
It can easily be integrated with other hunting & DFIR tools such as Velociraptor & OpenRelik.

Check it out 🔥🔥:
github.com/Yamato-Secur...

#threathunting #DFIR #sigma #cybersecurity #infosec
GitHub - Yamato-Security/hayabusa: Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. - Yamato-Security/hayabusa
github.com
January 12, 2025 at 11:43 PM
Yeti (Your Everyday Threat Intelligence) - A platform that manages forensics 🔍 intelligence and connects CTI with DFIR artifacts
Check it out 🔥🔥:
github.com/yeti-platfor...

#threatintelligence #DFIR #CTI #threathunting #cyberforensics #cybersecurity #infosec
GitHub - yeti-platform/yeti: Your Everyday Threat Intelligence
Your Everyday Threat Intelligence. Contribute to yeti-platform/yeti development by creating an account on GitHub.
github.com
January 4, 2025 at 4:11 AM
YaraGuard - a static malware analysis tool that uses YARA rules as its core
Check it out 🔥🔥:
github.com/RootMiner/Ya...

#yararules #threathunting #malwareanalysis
#cybersecurity #infosec
GitHub - RootMiner/YaraGuard: 👾 YaraGuard is a static malware analysis tool that uses YARA rules as its core
👾 YaraGuard is a static malware analysis tool that uses YARA rules as its core - RootMiner/YaraGuard
github.com
December 22, 2024 at 12:51 AM
openSquat - An open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.

github.com/atenreiro/op...

#detectionengineering
#threatdetection #threathunting #cybersecurity #infosec
GitHub - atenreiro/opensquat: The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.
The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands. - atenreiro/opensquat
github.com
December 3, 2024 at 7:38 PM
Reposted by Tanisha L. Turner
Acra - A database protection suite with field level encryption and intrusion detection that provides SQL injection prevention, honeypots, and support for both client and proxy encryption

Check it out:
github.com/cossacklabs/...

#threatdetection #databasesecurity #honeypot #cybersecurity #infosec
GitHub - cossacklabs/acra: Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports clien...
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side (&...
github.com
November 26, 2024 at 4:13 AM
Mihari - A query aggregator for OSINT based threat hunting
github.com/ninoseki/mih...
Check it out: 🔥🔥
#threathunting #OSINT #cybersecurity #infosec
GitHub - ninoseki/mihari: A query aggregator for OSINT based threat hunting
A query aggregator for OSINT based threat hunting. Contribute to ninoseki/mihari development by creating an account on GitHub.
github.com
November 23, 2024 at 1:46 AM
Reposted by Tanisha L. Turner
Ronin vulns: A Ruby library that tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.

github.com/ronin-rb/ron...

#infosec
#cybersecurity
#threatdetection
#xss #SQLi
GitHub - ronin-rb/ronin-vulns: Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), an...
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects. - ronin-rb...
github.com
November 19, 2024 at 3:53 AM
Reposted by Tanisha L. Turner
abuse.ch/blog/communi... Many thanks to Roman and Abuse.ch for working tirelessly on this issue for the greater good.
abuse.ch | Community First - new authentication, new data, and new functionality
Community First - new authentication, new data, and new functionality
abuse.ch
November 19, 2024 at 4:42 PM
Reposted by Tanisha L. Turner
KQL Detection rule to identify MS Advisory personal note abuse. Did some testing and was able to add a URL to the note:
github.com/AttacktheSOC...

Related: www.bleepingcomputer.com/news/securit...
Azure-SecOps/KQL/Email-Collab/MS-Advisory-Note-Abuse.kql at main · AttacktheSOC/Azure-SecOps
Collection of different Azure/Entra focused solutions (Deployable templates, Function Apps, etc) - AttacktheSOC/Azure-SecOps
github.com
November 18, 2024 at 5:17 PM
Reposted by Tanisha L. Turner
Today I created a few KQL queries to detect AzureDevOps - Organization Settings changes.

github.com/alexverboon/...

#KQL #AzureDevOps #Security #Sentinel
November 18, 2024 at 9:54 PM
Reposted by Tanisha L. Turner
🚀More updates to the EDR Telemetry website!

✨ New Blog section - More posts on telemetry incoming
✨ New Mitre ATT&CK Mappings page
✨ Hover over the ⚠️(Partially) to see the reason
✨ Added "Legend" that describes each attribute

🗑️ The Google Sheet will no longer be updated.
November 20, 2024 at 4:55 PM
Reposted by Tanisha L. Turner
The Free & Affordable Training site (training.dfirdiva.com) was created to help people find quality free and low cost training across various platforms. The main focus is #DFIR, #OSINT & Blue Team Training. Nothing listed is over $1,000.
Free and Affordable DFIR and Cybersecurity Training
Free and Affordable Training Resources with a Focus on DFIR / Blue Team. Digital Forensics, Incident Response, Malware Analysis, OSINT, Programming, Linux, and more.
training.dfirdiva.com
November 15, 2024 at 3:32 PM