Detection
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log ag…
A repository of sysmon configuration modules
Scan strings or files for malware using the Windows Antimalware Scan Interface
XNTSV program for detailed viewing of system structures for Windows.
Scan files or process memory for CobaltStrike beacons and parse their configuration
Rapidly Search and Hunt through Windows Forensic Artefacts
Elastic Security detection content for Endpoint
Extracted Yara rules from Windows Defender mpavbase and mpasbase
Simulate the behavior of AV/EDR for malware development training.
blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-of-Materials (SBOM) for supported binaries.
A list of JARM hashes for different SSL/TLS implementations used by some C2/red team tools.
A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil…
Monitors ETW for security-relevant syscalls, maintaining the set called by each unique process