Projects

LOOBins (Living Off the Orchard: macOS Binaries)

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in “living off the land” macOS binaries and how they can be used by threat actors for malicious purposes.

Awesome Detection Engineering

A curated list of tools and resources for Threat Detection Engineers.

Practical Detection-as-Code

An example of how to deploy a Detection-as-Code pipeline using Sigma Rules, Sigmac, GitLab CI, and Splunk.

ATT&CK Navigator Layer Generator

A Python CLI utility for quickly converting a list or text file of MITRE ATT&CK parent technique IDs to a MITRE ATT&CK Navigator layer .JSON file.