Repositories list

• Detection-and-Hunting-Queries

  Public
  This repository contains detection and threat hunting queries created by NVISO’s CSIRT and SOC teams.

  queriessentinelcybersecurity+ 11threat-huntingthreat-detectionkustokqldetection-engineeringdetectionskusto-language+ 4

  MIT License

  •0•10•0•0•Updated Feb 9, 2026Feb 9, 2026

• disable-flutter-tls-verification

  Public
  A Frida script that disables Flutter's TLS verification

  C++

  •83•557•3•0•Updated Jan 26, 2026Jan 26, 2026

• IOXY

  Public
  MQTT intercepting proxy

  Go

  •

  GNU General Public License v3.0

  •22•143•5•3•Updated Dec 5, 2025Dec 5, 2025

• cortex.xsoar

  Public

  NVISOsecurity/cortex.xsoar’s past year of commit activity
  The cortex.xsoar collection includes Ansible modules to help automate the management of Palo Alto Cortex XSOAR.

  ansiblecortexdemisto+ 1xsoar

  Python

  •

  GNU General Public License v3.0

  •7•6•0•1•Updated Aug 5, 2025Aug 5, 2025

• nviso-cti

  Public
  YARA

  •5•44•0•1•Updated Jul 11, 2025Jul 11, 2025

• AlwaysTrustUserCerts

  Public
  A Magisk/KernelSU module that automatically adds user certificates to the system root CA store

  Shell

  •255•2.4k•8•0•Updated Jun 24, 2025Jun 24, 2025

• KNOCKOUT

  Public
  The tool KNOCKOUT streamlines the collection and aggregation of incident response artifacts from multiple sources, significantly saving time during critical ini…

  incident-responseartifactsred-teaming+ 1nviso-ares

  C#

  •

  MIT License

  •2•7•0•0•Updated Apr 15, 2025Apr 15, 2025

• cs2br-bof

  Public
  Run Cobalt Strike BOFs in Brute Ratel C4!

  offensive-securityred-teamnviso-ares

  C

  •

  BSD 3-Clause "New" or "Revised" License

  •17•86•0•0•Updated Apr 15, 2025Apr 15, 2025

• codasm

  Public
  Payload encoding utility to effectively lower payload entropy.

  shellcodepayloadoffensive-security+ 2red-teamnviso-ares

  Python

  •

  MIT License

  •16•123•0•0•Updated Apr 15, 2025Apr 15, 2025

• osquery-discord-notifier

  Public
  Monitor osquery logs and use an LLM to provide concise, user-friendly summaries of new events directly in Discord.

  Python

  •

  GNU General Public License v3.0

  •1•6•0•0•Updated Apr 9, 2025Apr 9, 2025

• sans-webinar-robocop

  Public
  This repository contains the demo code for the webcast organized by SANS titled "From Playbooks to Robocop: The Evolution of SOC Automation".

  agentaisans+ 2webcastautogen

  Python

  •2•9•0•0•Updated Mar 27, 2025Mar 27, 2025

• blogposts

  Public
  A repo to house files for our blogposts on blog.nviso.eu

  C++

  •18•76•0•0•Updated Mar 13, 2025Mar 13, 2025

• BitSight-Automation-Tool

  Public
  BitSight Automation was developed to automate certain manual procedures and extract information such as ratings, assets, findings, etc. This tool also provides …

  Python

  •

  GNU General Public License v3.0

  •0•10•0•1•Updated May 21, 2024May 21, 2024

• cyber-security-llm-agents

  Public
  A collection of agents that use Large Language Models (LLMs) to perform tasks common on our day to day jobs in cyber security.

  aicybersecurityinfosec+ 3adversary-emulationcalderallm

  Jupyter Notebook

  •48•250•1•1•Updated May 7, 2024May 7, 2024

• posh-dsc-windows-hardening

  Public

  NVISOsecurity/posh-dsc-windows-hardening’s past year of commit activity
  Windows OS Hardening with PowerShell DSC

  windowspowershell-dsccis-benchmark

  PowerShell

  •

  GNU General Public License v3.0

  •116•290•17•2•Updated Nov 23, 2023Nov 23, 2023

• caldera

  Public archive
  An automated adversary emulation system

  Python

  •

  Apache License 2.0

  •1.3k•2•0•8•Updated Aug 1, 2023Aug 1, 2023

• sigma-public

  Public archive
  Generic Signature Format for SIEM Systems

  Python

  •2.5k•18•0•4•Updated Jul 25, 2023Jul 25, 2023

• brown-bags

  Public
  C#

  •25•112•1•2•Updated Jul 24, 2023Jul 24, 2023

• velociraptor

  Public archive
  Digging Deeper....

  Go

  •

  Other

  •596•1•0•3•Updated Jul 20, 2023Jul 20, 2023

• public-static-assets

  Public
  Images & other assets we want to statically include in documentation

  0•0•0•0•Updated Jun 30, 2023Jun 30, 2023

• pyCobaltHound

  Public
  pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Bloodhound.

  Python

  •

  GNU General Public License v3.0

  •19•135•0•1•Updated May 25, 2023May 25, 2023

• BlobRunner

  Public
  Quickly debug shellcode extracted during malware analysis

  C

  •

  MIT License

  •87•3•0•0•Updated May 23, 2023May 23, 2023

• ee-outliers

  Public archive
  Open-source framework to detect outliers in Elasticsearch events

  machine-learningstatisticsml+ 11statistical-analysisoutliersoutlier-detectionthreat-huntingsiemnetsecanomaly-detection+ 4

  Python

  •

  GNU General Public License v3.0

  •33•206•29•4•Updated May 22, 2023May 22, 2023

• flare

  Public
  An analytical framework for network traffic and behavioral analytics

  Python

  •

  MIT License

  •88•2•0•1•Updated May 22, 2023May 22, 2023

• frida-ios-playground

  Public
  An iOS app that lets you practice your Frida skills

  Swift

  •22•193•1•0•Updated Apr 20, 2023Apr 20, 2023

• CobaltWhispers

  Public
  CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process injection, persistence and mo…

  C

  •

  MIT License

  •35•243•1•0•Updated Jan 4, 2023Jan 4, 2023

• SEC599-Resources

  Public
  1•23•0•0•Updated Jan 2, 2023Jan 2, 2023

• Interceptor

  Public
  Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space

  C++

  •

  GNU General Public License v3.0

  •19•136•0•0•Updated Jan 2, 2023Jan 2, 2023

• Remote-Acquisition-and-Response

  Public archive
  Repository with files for remote acquisition of files / artifacts

  PowerShell

  •

  GNU General Public License v3.0

  •1•1•0•0•Updated Oct 5, 2022Oct 5, 2022

• assemblyline-service-autoit-ripper

  Public archive
  AutoIt unpacker service

  Python

  •

  MIT License

  •2•1•0•0•Updated Sep 19, 2022Sep 19, 2022