rita-legacy
Traffic analyzer
Analyzes network traffic to detect command and control communication behaviors.
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
3k stars
112 watching
362 forks
Language: Go
last commit: 4 months ago
Tags: analysis, analytics, beacon, beacon-sniffer, bhis, blueteam, bro-ids, dga, dns, dns-tunneling, logs, network-traffic, offensive-countermeasures, rita, scanning, security, threat
Related projects:
Repository | Description | Stars |
---|---|---|
activecm/rita | A framework for detecting malicious communication patterns in network traffic by analyzing Zeek logs. | 194 |
stamparm/maltrail | Detects and analyzes malicious traffic patterns to identify potential security threats. | 6,535 |
raihan2006i/active_admin_paranoia | Adds batch restore and archive actions to ActiveAdmin resource index pages | 29 |
cybermonitor/apt_cybercriminal_campagin_collections | A collection of APT and cybercriminal campaign data, including malware samples and threat intelligence | 3,723 |
zabbix/zabbix | An enterprise-class monitoring solution designed to track performance and availability of IT resources and services in real-time. | 4,408 |
opennhp/opennhp | A Zero Trust networking protocol to hide servers and data from attackers by utilizing cryptography at the OSI 5th layer. | 13,513 |
eremit4/cs-discovery | Detects malicious servers in network traffic by analyzing encoded byte patterns | 20 |
security-onion-solutions/securityonion | An integrated security monitoring and threat hunting platform that collects, analyzes, and responds to network traffic data | 3,293 |
nationalsecurityagency/ghidra | A software reverse engineering framework with disassembler and analysis tools | 51,809 |
activecm/beaker | Aggregates Microsoft Sysmon network events with Elasticsearch and Kibana for threat hunting analysis | 285 |
ch3k1/squidmagic | Analyzes web-based network traffic to detect malicious command and control servers using Squid proxy server and Spamhaus | 78 |
akamai/luda | Develops real-time URL-based malware detection system using regexes and clustering | 74 |
byt3bl33d3r/deathstar | Automates gaining Domain and/or Enterprise Admin rights in Active Directory environments using offensive TTPs | 1,585 |
google/tsunami-security-scanner | An open-source network security scanner with an extensible plugin system to detect high-severity vulnerabilities. | 8,274 |
orange-cyberdefense/goad | An Active Directory pentest lab project providing a vulnerable environment for security testing and practice. | 5,416 |