{"payload":{"pageCount":1,"repositories":[{"type":"Public","name":"GhidraScripts","owner":"advanced-threat-research","isFork":false,"description":"Scripts to run within Ghidra, maintained by the Trellix ARC team","allTopics":[],"primaryLanguage":{"name":"Java","color":"#b07219"},"pullRequestCount":0,"issueCount":0,"starsCount":63,"forksCount":6,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-02-07T13:07:00.468Z"}},{"type":"Public","name":"Yara-Rules","owner":"advanced-threat-research","isFork":false,"description":"Repository of YARA rules made by Trellix ATR Team","allTopics":["threat-hunting","iocs","yara","threat-intelligence"],"primaryLanguage":{"name":"YARA","color":"#220000"},"pullRequestCount":0,"issueCount":1,"starsCount":541,"forksCount":81,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-12-21T08:25:57.064Z"}},{"type":"Public","name":"DotDumper","owner":"advanced-threat-research","isFork":false,"description":"An automatic unpacker and logger for DotNet Framework targeting files","allTopics":["dotnet","malware","automatic","unpacking"],"primaryLanguage":{"name":"C#","color":"#178600"},"pullRequestCount":0,"issueCount":1,"starsCount":241,"forksCount":30,"license":"Other","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-08-23T12:56:29.638Z"}},{"type":"Public","name":"DotDumperGUI","owner":"advanced-threat-research","isFork":false,"description":"A graphical user interface to easily read through, and filter, DotDumper JSON-based logs","allTopics":[],"primaryLanguage":{"name":"C#","color":"#178600"},"pullRequestCount":0,"issueCount":0,"starsCount":5,"forksCount":0,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-05-11T07:08:19.929Z"}},{"type":"Public","name":"DotDumperNative","owner":"advanced-threat-research","isFork":false,"description":"The native 
(unmanaged) library which contains hooks for native functions that are hooked using DotDumper","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":0,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-05-11T07:07:50.523Z"}},{"type":"Public","name":"NetLlix","owner":"advanced-threat-research","isFork":false,"description":"A project created with an aim to emulate and test exfiltration of data over different network protocols.","allTopics":[],"primaryLanguage":{"name":"C#","color":"#178600"},"pullRequestCount":1,"issueCount":0,"starsCount":32,"forksCount":6,"license":"Other","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-03-21T00:57:35.062Z"}},{"type":"Public","name":"Creosote","owner":"advanced-threat-research","isFork":false,"description":"Creosote is our solution to searching for the tarfile vulnerability described by CVE-2007-4559.","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":2,"issueCount":3,"starsCount":84,"forksCount":14,"license":"Other","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-09-23T08:24:16.793Z"}},{"type":"Public","name":"Expert-Rules","owner":"advanced-threat-research","isFork":false,"description":"","allTopics":["threat-detection","security"],"primaryLanguage":null,"pullRequestCount":1,"issueCount":0,"starsCount":17,"forksCount":3,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-05-31T08:28:14.491Z"}},{"type":"Public","name":"Russian_CyberThreats_Yara","owner":"advanced-threat-research","isFork":false,"description":"Repository with aggregated public source yara 
rules","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":3,"forksCount":1,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-03-02T16:13:06.259Z"}},{"type":"Public","name":"ATR_HAX_CTF_2022","owner":"advanced-threat-research","isFork":false,"description":"Trellix Advanced Threat Research CTF competition of 2022","allTopics":[],"primaryLanguage":{"name":"Java","color":"#b07219"},"pullRequestCount":0,"issueCount":0,"starsCount":6,"forksCount":2,"license":"GNU General Public License v3.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-02-28T20:44:34.255Z"}},{"type":"Public","name":"ATR_HAX_CTF_2021","owner":"advanced-threat-research","isFork":false,"description":"McAfee Enterprise Advanced Threat Research Capture the Flag","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":10,"forksCount":4,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-02-26T00:34:21.269Z"}},{"type":"Public","name":"DarkSide-Config-Extract","owner":"advanced-threat-research","isFork":false,"description":"","allTopics":["reverse-engineering","ransomware"],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":32,"forksCount":10,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-10-29T04:46:47.463Z"}},{"type":"Public","name":"IOCs","owner":"advanced-threat-research","isFork":false,"description":"Repository containing IOCs, CSV and MISP JSON from our blogs","allTopics":[],"primaryLanguage":{"name":"HTML","color":"#e34c26"},"pullRequestCount":0,"issueCount":1,"starsCount":78,"forksCount":19,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-08-04T14:22:36.022Z"}},{"type":"Public","name":"Ripple-20-Detection-Logic","owner":"advanced-threat-research","isFork":false,"description":"Ripple20 
Critical Vulnerabilities - Detection Logic and Signatures","allTopics":["lua","ipv6","rce","suricata","atr","cve","mcafee","suricata-rule","tcpip-stack","ripple20","treck","jsof","cve-2020-11901","cve-2020-11897","cve-2020-11896","dns","detection-logic","heap-overflow"],"primaryLanguage":{"name":"Lua","color":"#000080"},"pullRequestCount":0,"issueCount":0,"starsCount":12,"forksCount":4,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-05-28T17:40:42.111Z"}},{"type":"Public","name":"CVE-2020-16898","owner":"advanced-threat-research","isFork":false,"description":"CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule","allTopics":["microsoft","windows-10","rce","suricata","atr","cve","neighbor-discovery","buffer-overflow","mcafee","neighbor-discovery-protocol","suricata-rule","icmpv6","buffer-overflow-vulnerability","tcpip-stack","cve-2020-16898","bad-neighbor","badneighbor","lua"],"primaryLanguage":{"name":"Lua","color":"#000080"},"pullRequestCount":0,"issueCount":0,"starsCount":207,"forksCount":31,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2020-10-26T10:15:32.483Z"}},{"type":"Public","name":"CVE-2020-16899","owner":"advanced-threat-research","isFork":false,"description":"CVE-2020-16899 - Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule","allTopics":["microsoft","lua","windows-10","rce","suricata","atr","cve","neighbor-discovery","buffer-overflow","mcafee","neighbor-discovery-protocol","suricata-rule","icmpv6","buffer-overflow-vulnerability","tcpip-stack","cve-2020-16899","vulnerability"],"primaryLanguage":{"name":"Lua","color":"#000080"},"pullRequestCount":0,"issueCount":0,"starsCount":21,"forksCount":9,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2020-10-19T13:58:46.160Z"}},{"type":"Public","name":"xbypass","owner":"advanced-threat-research","isFork":false,"description":"A tool to 
facilitate ROP Chain Development for XML Character Sanitization","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":20,"forksCount":7,"license":"Other","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2019-05-09T15:58:48.218Z"}},{"type":"Public","name":"Threat-Reports","owner":"advanced-threat-research","isFork":false,"description":"Repository to store the Threat Reports made by the McAfee Enterprise ATR Team","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":12,"forksCount":2,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2018-10-11T07:26:24.899Z"}}],"repositoryCount":18,"userInfo":null,"searchable":true,"definitions":[],"typeFilters":[{"id":"all","text":"All"},{"id":"public","text":"Public"},{"id":"source","text":"Sources"},{"id":"fork","text":"Forks"},{"id":"archived","text":"Archived"},{"id":"template","text":"Templates"}],"compactMode":false},"title":"Repositories"}