RuleSetRAT: A curated collection of YARA rules and structured JSON reports designed to identify and analyze various malware builder variants, for educational and research purposes only.
WorkloadIdentityInfoXdr: Function to get a summarized overview of application and workload identities from the IdentityInfo and OAuthAppInfo tables, including API permissions, Azure RBAC roles, Entra ID roles, etc.
LOTS-Project-Rework: This folder acts as a "rework" of the original LOTS (Living Off Trusted Sites) Project - The LOTS-Project website never had a CSV and/or JSON
ysonet: Deserialization payload generator for a variety of .NET formatters - YSoNet is a fork and replacement of YSoSerial .Net - incs ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 2 -c "C:temp
Malware in Panda Image Hides Persistent Linux Threat - "This technique isn't steganography but rather polyglot file abuse or malicious file embedding." - ignore the AI
DFIR-IRIS: Developed by Airbus CERT (France), an open source solution designed to efficiently manage the entire incident response chain.
Shutting the Door on Vishing-Driven Data Theft in Salesforce - "UNC6040’s phone-phishers lure employees into approving a fake dataloader[.]io app, hijacking Salesforce APIs to siphon customer data."
SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers - "first observed ToolShell exploitation on July 17th, ahead of official Microsoft advisories."
Webshell Detection Script for Citrix Netscaler appliances - TLPCLEAR_check_script_cve-2025-6543-v1.7.sh
Modular PIC C2 Agents - "This makes it possible (at least in theory) to write a C2 agent that is made up of multiple individual PICOs, rather than a singular monolithic DLL or PIC code base"