From 4fd370ee933742ba43814f9744c9dd866e9aca29 Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Tue, 21 Aug 2018 21:09:26 +0700
Subject: [PATCH] Tools: Digital Forensics and Incident Response:
 ptresearch/AttackDetection

---
 README.md | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 7badce5..8519ddd 100644
--- a/README.md
+++ b/README.md
@@ -1225,14 +1225,6 @@ _return-to-libc techniques_
             This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD(Raw), AFF disk image file without converting it, directly with VirtualBox, forensically proof.
         </td>
     </tr>
-    <tr>
-        <td><a href="https://ossec.github.io/">OSSEC</a></td>
-        <td>Open Source HIDS SECurity</td>
-    </tr>
-    <tr>
-        <td><a href="https://github.com/williballenthin/INDXParse">williballenthin/INDXParse</a></td>
-        <td>Tool suite for inspecting NTFS artifacts</td>
-    </tr>
     <tr>
         <td>
             <a href="https://github.com/nshalabi/SysmonTools">nshalabi/SysmonTools</a>
@@ -1241,6 +1233,14 @@ _return-to-libc techniques_
             Utilities for Sysmon (Sysmon View and Sysmon Shell)
         </td>
     </tr>
+    <tr>
+        <td><a href="https://ossec.github.io/">OSSEC</a></td>
+        <td>Open Source HIDS SECurity</td>
+    </tr>
+    <tr>
+        <td><a href="https://github.com/ptresearch/AttackDetection">ptresearch/AttackDetection</a>
+        <td>The Attack Detection Team searches for new vulnerabilities and 0-days, reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally, we are interested in malware and hackers’ TTPs, so we develop Suricata rules for detecting all sorts of such activities.</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/refractionPOINT/limacharlie">refractionPOINT/limacharlie</a></td>
         <td>LC is an Open Source, cross-platform (Windows, MacOS, Linux ++), realtime Endpoint Detection and Response sensor. The extra-light sensor, once installed on a system provides Flight Data Recorder type information (telemetry on all aspects of the system like processes, DNS, network IO, file IO etc).</td>
@@ -1265,6 +1265,10 @@ _return-to-libc techniques_
         <td><a href="https://github.com/williballenthin/EVTXtract">williballenthin/EVTXtract</a></td>
         <td>EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/williballenthin/INDXParse">williballenthin/INDXParse</a></td>
+        <td>Tool suite for inspecting NTFS artifacts</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/williballenthin/process-forest">williballenthin/process-forest</a></td>
         <td>process-forest is a tool that processes Microsoft Windows EVTX event logs that contain process accounting events and reconstructs the historical process heirarchies.</td>