A collection of sources of documentation, as well as field best practices, to build/run a SOC
Updated
Nov 19, 2024
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Awesome CSIRT is a curated list of links and resources for security and CSIRT daily activities.
Distributed malware processing framework based on Python, Redis and S3.
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
DomainClassifier is a Python (2/3) library to extract and classify Internet domains/hostnames/IP addresses from raw unstructured text files based on their DNS existence, localization or attributes.
BGP ranking is free software to calculate the security ranking of Internet Service Providers (ASNs).
VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform.
Incident Response Network Tools
Detecting Cobalt Strike Team Servers on targets through traffic telemetry.
CSV processing and mutual conversion between web-related data types
Tools used by CSIRT and especially in the scope of CNW
CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools
Ransomware for demonstration
IntelMQ command line tool to process events and send out email notifications.
Automation SIG
Static configuration extractor for the Karton framework