Repositories list

• cortex.xsoar

  Public
  The cortex.xsoar collection includes Ansible modules to help automate the management of Palo Alto Cortex XSOAR.

  ansiblecortexdemisto+ 1xsoar

  Python

  •

  GNU General Public License v3.0

  •5•6•0•2•Updated Jul 31, 2025Jul 31, 2025

• nviso-cti

  Public
  YARA

  •5•42•0•1•Updated Jul 11, 2025Jul 11, 2025

• AlwaysTrustUserCerts

  Public
  A Magisk/KernelSU module that automatically adds user certificates to the system root CA store

  Shell

  •227•2k•2•0•Updated Jun 24, 2025Jun 24, 2025

• disable-flutter-tls-verification

  Public
  A Frida script that disables Flutter's TLS verification

  C++

  •72•459•1•0•Updated May 19, 2025May 19, 2025

• KNOCKOUT

  Public
  The tool KNOCKOUT streamlines the collection and aggregation of incident response artifacts from multiple sources, significantly saving time during critical initial access phases of Red Team exercises.

  incident-responseartifactsred-teaming+ 1nviso-ares

  C#

  •

  MIT License

  •1•7•0•0•Updated Apr 15, 2025Apr 15, 2025

• cs2br-bof

  Public
  Run Cobalt Strike BOFs in Brute Ratel C4!

  offensive-securityred-teamnviso-ares

  C

  •

  BSD 3-Clause "New" or "Revised" License

  •16•68•0•0•Updated Apr 15, 2025Apr 15, 2025

• codasm

  Public
  Payload encoding utility to effectively lower payload entropy.

  shellcodepayloadoffensive-security+ 2red-teamnviso-ares

  Python

  •

  MIT License

  •15•119•0•0•Updated Apr 15, 2025Apr 15, 2025

• osquery-discord-notifier

  Public
  Monitor osquery logs and use an LLM to provide concise, user-friendly summaries of new events directly in Discord.

  Python

  •

  GNU General Public License v3.0

  •0•6•0•0•Updated Apr 9, 2025Apr 9, 2025

• sans-webinar-robocop

  Public
  This repository contains the demo code for the webcast organized by SANS titled "From Playbooks to Robocop: The Evolution of SOC Automation".

  agentaisans+ 2webcastautogen

  Python

  •1•7•0•0•Updated Mar 27, 2025Mar 27, 2025

• blogposts

  Public
  A repo to house files for our blogposts on blog.nviso.eu

  C++

  •17•72•0•0•Updated Mar 13, 2025Mar 13, 2025

• BitSight-Automation-Tool

  Public
  BitSight Automation was developed to automate certain manual procedures and extract information such as ratings, assets, findings, etc. This tool also provides the possibility to collaborate with Scheduled Tasks and cronjobs.

  Python

  •

  GNU General Public License v3.0

  •0•9•0•1•Updated May 21, 2024May 21, 2024

• cyber-security-llm-agents

  Public
  A collection of agents that use Large Language Models (LLMs) to perform tasks common on our day to day jobs in cyber security.

  aicybersecurityinfosec+ 3adversary-emulationcalderallm

  Jupyter Notebook

  •20•147•1•1•Updated May 7, 2024May 7, 2024

• posh-dsc-windows-hardening

  Public
  Windows OS Hardening with PowerShell DSC

  windowspowershell-dsccis-benchmark

  PowerShell

  •

  GNU General Public License v3.0

  •117•279•17•2•Updated Nov 23, 2023Nov 23, 2023

• IOXY

  Public
  MQTT intercepting proxy

  Go

  •

  GNU General Public License v3.0

  •20•138•4•0•Updated Aug 20, 2023Aug 20, 2023

• caldera

  Public archive
  An automated adversary emulation system

  Python

  •

  Apache License 2.0

  •1.2k•2•0•8•Updated Aug 1, 2023Aug 1, 2023

• sigma-public

  Public archive
  Generic Signature Format for SIEM Systems

  Python

  •2.4k•17•0•4•Updated Jul 25, 2023Jul 25, 2023

• brown-bags

  Public
  C#

  •25•112•0•2•Updated Jul 24, 2023Jul 24, 2023

• velociraptor

  Public archive
  Digging Deeper....

  Go

  •

  Other

  •542•0•0•3•Updated Jul 20, 2023Jul 20, 2023

• public-static-assets

  Public
  Images & other assets we want to statically include in documentation

  0•0•0•0•Updated Jun 30, 2023Jun 30, 2023

• pyCobaltHound

  Public
  pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Bloodhound.

  Python

  •

  GNU General Public License v3.0

  •21•137•0•1•Updated May 25, 2023May 25, 2023

• BlobRunner

  Public
  Quickly debug shellcode extracted during malware analysis

  C

  •

  MIT License

  •88•2•0•0•Updated May 23, 2023May 23, 2023

• ee-outliers

  Public archive
  Open-source framework to detect outliers in Elasticsearch events

  machine-learningstatisticsml+ 11statistical-analysisthreat-huntingsiemnetsecanomaly-detectioncirtsecurity-monitoring+ 4

  Python

  •

  GNU General Public License v3.0

  •33•209•29•4•Updated May 22, 2023May 22, 2023

• flare

  Public
  An analytical framework for network traffic and behavioral analytics

  Python

  •

  MIT License

  •87•2•0•1•Updated May 22, 2023May 22, 2023

• frida-ios-playground

  Public
  An iOS app that lets you practice your Frida skills

  Swift

  •21•176•1•0•Updated Apr 20, 2023Apr 20, 2023

• CobaltWhispers

  Public
  CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process injection, persistence and more, leveraging direct syscalls (SysWhispers2) to bypass EDR/AV

  C

  •

  MIT License

  •34•236•1•0•Updated Jan 4, 2023Jan 4, 2023

• SEC599-Resources

  Public
  1•22•0•0•Updated Jan 2, 2023Jan 2, 2023

• Interceptor

  Public
  Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space

  C++

  •

  GNU General Public License v3.0

  •17•123•0•0•Updated Jan 2, 2023Jan 2, 2023

• Remote-Acquisition-and-Response

  Public archive
  Repository with files for remote acquisition of files / artifacts

  PowerShell

  •

  GNU General Public License v3.0

  •1•1•0•0•Updated Oct 5, 2022Oct 5, 2022

• assemblyline-service-autoit-ripper

  Public archive
  AutoIt unpacker service

  Python

  •

  MIT License

  •2•1•0•0•Updated Sep 19, 2022Sep 19, 2022

• assemblyline-service-msg-extractor

  Public archive
  Simple MSG extractor AssemblyLine service

  Python

  •

  MIT License

  •0•2•0•0•Updated Sep 19, 2022Sep 19, 2022