# BlueLedger

A list of my personal and community-supported projects on GitHub and all other locations

## Signatures

### Sigma

Generic Signature Format for SIEM Systems

[https://github.com/Neo23x0/sigma](https://github.com/Neo23x0/sigma)

### Signature Base

Community-supported YARA signature database for my scanners LOKI and THOR Lite

[https://github.com/Neo23x0/signature-base](https://github.com/Neo23x0/signature-base)

### Godmode Rules

PoC rules that cover a lot of different techniques and generic indicators. The mantra is `If you had only one shot, what would you aim for?`

Sigma
[https://gist.github.com/Neo23x0/811db09add59068a7a80273d7e5f6e0f](https://gist.github.com/Neo23x0/811db09add59068a7a80273d7e5f6e0f)

YARA
[https://gist.github.com/Neo23x0/f1bb645a4f715cb499150c5a14d82b44](https://gist.github.com/Neo23x0/f1bb645a4f715cb499150c5a14d82b44)

## Scanners

### LOKI

Loki - Simple IOC Scanner

[https://github.com/Neo23x0/Loki](https://github.com/Neo23x0/Loki)

### THOR Lite

Fast and flexible multi-platform IOC and YARA scanner

[https://www.nextron-systems.com/thor-lite/](https://www.nextron-systems.com/thor-lite/)

### Fenrir

Simple Bash IOC Scanner

[https://github.com/Neo23x0/Fenrir](https://github.com/Neo23x0/Fenrir)

## Malware Protection

### Raccine

A Simple Ransomware Protection

[https://github.com/Neo23x0/Raccine](https://github.com/Neo23x0/Raccine)

## Signature Work

### yarGen

A YARA rule generator

[https://github.com/Neo23x0/yarGen](https://github.com/Neo23x0/yarGen)

### Munin

Online hash checker for VirusTotal and other services

[https://github.com/Neo23x0/munin](https://github.com/Neo23x0/munin)

### Panopticon

A YARA rule performance measurement tool

[https://github.com/Neo23x0/panopticon](https://github.com/Neo23x0/panopticon)

### Xorex

XOR Key Evaluator for Encrypted Executables

[https://github.com/Neo23x0/xorex](https://github.com/Neo23x0/xorex)

### yarAnalyzer

YARA Rule Analyzer and Statistics

[https://github.com/Neo23x0/yarAnalyzer](https://github.com/Neo23x0/yarAnalyzer)

### Fnord

A pattern extractor for obfuscated code

[https://github.com/Neo23x0/Fnord](https://github.com/Neo23x0/Fnord)

### YARA Rule Hash Generator

A generator that creates a unique hash over the relevant sections of a YARA rule

[https://gist.github.com/Neo23x0/81990b8e5eb351a118dca1d5f2a2a86b](https://gist.github.com/Neo23x0/81990b8e5eb351a118dca1d5f2a2a86b)

### Base64 Encodings Learning Aid

Learning aid with the most common base64-encoded strings seen in malicious code

[https://gist.github.com/Neo23x0/6af876ee72b51676c82a2db8d2cd3639](https://gist.github.com/Neo23x0/6af876ee72b51676c82a2db8d2cd3639)

### YARA Rule Performance Guidelines

Guidelines to help you write YARA rules that are fast and don't consume a lot of memory

[https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7](https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7)

### How to write YARA Rules Guides

A bit outdated but still okay

[How to Write Simple but Sound YARA Rules - Part 1](https://www.nextron-systems.com/2015/02/16/write-simple-sound-yara-rules/)

[How to Write Simple but Sound YARA Rules - Part 2](https://www.nextron-systems.com/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/)

[How to Write Simple but Sound YARA Rules - Part 3](https://www.nextron-systems.com/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/)

[50 Shades of YARA](https://www.nextron-systems.com/2019/01/02/50-shades-of-yara/)

[How to Create a YARA Rule for a Compromised Certificate](https://www.nextron-systems.com/2018/11/01/short-tutorial-how-to-create-a-yara-rule-for-a-compromised-certificate/)

## Security Monitoring

### AntiVirus Event Analysis Cheat Sheet

A cheat sheet that helps security monitoring analysts process events from their antivirus products in a reasonable manner.

[https://www.nextron-systems.com/?s=antivirus](https://www.nextron-systems.com/?s=antivirus)

### Web Proxy Event Analysis Cheat Sheet

A cheat sheet that helps security monitoring analysts process events from their web proxy products in a reasonable manner.

[https://www.nextron-systems.com/?s=proxy+cheat](https://www.nextron-systems.com/?s=proxy+cheat)

### Auditd Best Practice Configuration

Best practice configuration for the Linux/Unix audit daemon.

[https://github.com/Neo23x0/auditd](https://github.com/Neo23x0/auditd)

## Threats

### APT Groups and Operations Sheet

A Google Docs spreadsheet that tracks the different names and campaigns of well-known threat groups.

[https://docs.google.com/spreadsheets/d/e/2PACX-1vTheajUWzRhTK0XhSI3_RnYVtUJvl8mlX8HlThPyCJGK1g5SBecgS78O1oeTFQxDYS0oWlKTg2pNLyb/pubhtml](https://docs.google.com/spreadsheets/d/e/2PACX-1vTheajUWzRhTK0XhSI3_RnYVtUJvl8mlX8HlThPyCJGK1g5SBecgS78O1oeTFQxDYS0oWlKTg2pNLyb/pubhtml)

### APT Simulator

APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised (probably the most basic and simplest threat simulation tool available)

[https://github.com/NextronSystems/APTSimulator](https://github.com/NextronSystems/APTSimulator)

### Article: The Newcomer's Guide to Cyber Threat Actor Naming

[https://medium.com/@cyb3rops/the-newcomers-guide-to-cyber-threat-actor-naming-7428e18ee263](https://medium.com/@cyb3rops/the-newcomers-guide-to-cyber-threat-actor-naming-7428e18ee263)

### Article: How to Fall Victim to Advanced Persistent Threats

[https://www.nextron-systems.com/2016/05/04/how-to-fall-victim-to-apt/](https://www.nextron-systems.com/2016/05/04/how-to-fall-victim-to-apt/)

## Slide Decks

### Security Analyst Workshop

Security analyst workshop slides, with useful tools and services

[https://www.slideshare.net/FlorianRoth2/security-analyst-workshop-20200212](https://www.slideshare.net/FlorianRoth2/security-analyst-workshop-20200212)

### Maturity Model of Security Disciplines

Maturity Model of Security Disciplines (includes the table with the top log sources)

[https://www.slideshare.net/FlorianRoth2/maturity-model-of-security-disciplines](https://www.slideshare.net/FlorianRoth2/maturity-model-of-security-disciplines)

### Ransomware Resistance

The Pareto principle applied to a list of measures that increase malware resistance

[https://www.slideshare.net/FlorianRoth2/ransomware-resistance](https://www.slideshare.net/FlorianRoth2/ransomware-resistance)

### 50 Shades of Sigma

Describe and Share Generic Threat Detection Methods

[https://web.tresorit.com/l/lN841#uqbRHdXCFzVVX8obs1OEUw&viewer=HzCnrjmYjRWrou0r2qMfspRZSPFyv4RC](https://web.tresorit.com/l/lN841#uqbRHdXCFzVVX8obs1OEUw&viewer=HzCnrjmYjRWrou0r2qMfspRZSPFyv4RC)

## Other

### DLLRunner

A tool to run DLL files in sandbox systems (from October 2014)

[https://github.com/Neo23x0/DLLRunner](https://github.com/Neo23x0/DLLRunner)

### RadioCarbon

A leak file analyzer

[https://github.com/Neo23x0/radiocarbon](https://github.com/Neo23x0/radiocarbon)

## Project Ideas

... (TBA)