Loki
Loki - Simple IOC and YARA Scanner (by Neo23x0)
DeepBlueCLI
By sans-blue-team
Our great sponsors
Loki | DeepBlueCLI | |
---|---|---|
12 | 4 | |
3,219 | 2,080 | |
- | 1.5% | |
5.7 | 6.1 | |
about 2 months ago | 7 months ago | |
Python | PowerShell | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Loki
Posts with mentions or reviews of Loki.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-31.
-
My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device
You should run a tool like loki for ioc scanning. This will identify persistence https://github.com/Neo23x0/Loki
-
Deep system malware detection
Link to Loki is here just in case you need it. https://github.com/Neo23x0/Loki
-
What are some of the most frequently used (or favorite) tools in your toolbox?
Loki - YARA/IOC scanner
-
PChunter equivalent on Linux?
loki
- Rage about CVE dataset quality(?)
-
Cybersecurity professionals - what’s your “toolkit”/process to check a desktop PC is clean (or infected), before concluding that a reinstall of the OS is needed?
https://github.com/Neo23x0/Loki is a good tool to check for the presence of anomalies.
-
Which rootkit scanner to use in a could environment ?
Nextron Thor Scanner
-
Proxyshell Vulnerability is Actively used in Exchange servers
Loki - Yara Scanning is recommended for checking the webshell https://github.com/Neo23x0/Loki
-
Question about spyware
I am not an expert, but this is what I would start by doing. Ideally, if you can read javascript, try and understand what the tampermonkey script does. If you still have script, you could try analysing it with tools such as loki. Even if loki doesnt match it you could compute the sha256 signature and look it up on valhalla.
- Is it possible to write an antivirus in python?
DeepBlueCLI
Posts with mentions or reviews of DeepBlueCLI.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-02-08.
-
Is it possible to secure Powershell with MFA?
If you don't have a SIEM/EDR setup for detecting suspicious PowerShell usage, you can also use DeepBlueCLI by Eric Conrad - https://github.com/sans-blue-team/DeepBlueCLI
- Is it possible to analyze old Windows Event Logs to find IOAs or IOCs with Wazuh?
-
What are some of the most frequently used (or favorite) tools in your toolbox?
DeepBlueCLI - Event log parsing for suspicious behavior
-
Getting started on detecting and responding to cybersecurity incidents
If you think that the alert is malicious figure out what has happened. Save hosts security events to a file and run them through DeepBlueCLI(https://github.com/sans-blue-team/DeepBlueCLI). It's a PowerShell tool for detecting threats from Windows logs.
What are some alternatives?
When comparing Loki and DeepBlueCLI you can also consider the following projects:
yara - The pattern matching swiss knife
ATTACK - MITRE ATT&CK Windows Logging Cheat Sheets
reversinglabs-yara-rules - ReversingLabs YARA Rules
BloodHound - Six Degrees of Domain Admin
signature-base - YARA signature and IOC database for my scanners and tools
SilkETW
hazedumper - up to date csgo offsets and hazedumper config
Veil-Evasion - Veil Evasion is no longer supported, use Veil 3.0!
pyHanko - pyHanko: sign and stamp PDF files
Veil - Veil 3.1.X (Check version info in Veil at runtime)
malware-ioc - Indicators of Compromises (IOC) of our various investigations
yaramanager - Simple yara rule manager