diff --git a/README.md b/README.md
index d2088b5..92b2298 100644
--- a/README.md
+++ b/README.md
@@ -93,10 +93,6 @@ This repository is created as an online bookmark for useful links, resources and
RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK |
- fireeye/capa-rules |
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs |
-
-
FSecureLABS/leonidas |
Automated Attack Simulation in the Cloud, complete with detection use cases. |
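Review bot: the fireeye/capa-rules removal in this hunk is one half of a move, since the same name and description lines come back unchanged in the @@ -463 hunk next to fireeye/capa, yet the same diff also adds an unrelated new entry (qsecure-labs/overlord). Consider splitting the relocation and the new link into separate commits, or at least stating in the commit message that capa-rules is moved and not dropped, so that someone reading this hunk alone does not take it for a deleted resource.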
@@ -136,6 +132,10 @@ This repository is created as an online bookmark for useful links, resources and
praetorian-code/purple-team-attack-automation |
Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs |
+
+ qsecure-labs/overlord |
+ Overlord - Red Teaming Infrastructure Automation |
+
ReconInfoSec/adversary-emulation-map |
Creates an ATT&CK Navigator map of an Adversary Emulation Plan |
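Review bot: the description on the added qsecure-labs/overlord row opens by repeating the project name ("Overlord - Red Teaming Infrastructure Automation"), which the rows on either side of it in this hunk do not do; "Red Teaming Infrastructure Automation" is enough. It is also worth confirming the row belongs in this list: the neighbouring entries (praetorian-code/purple-team-attack-automation, ReconInfoSec/adversary-emulation-map) are described as ATT&CK emulation tooling, while this one is described as infrastructure automation.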
@@ -463,6 +463,10 @@ This repository is created as an online bookmark for useful links, resources and
fireeye/capa |
capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate. |
+
+ fireeye/capa-rules |
+ Standard collection of rules for capa: the tool for enumerating the capabilities of programs |
+
fireeye/flare-floss |
FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware. |
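Review bot: the added fireeye/capa-rules description has no closing full stop, while the descriptions on the rows directly above and below it (fireeye/capa, fireeye/flare-floss) both end with one. Add the period, and consider trimming "the tool for enumerating the capabilities of programs", which restates what the fireeye/capa row immediately above already explains.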