From 13e7aa6f8730aaa21ec2a01c0925a98aed39e6e5 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Wed, 3 Feb 2021 13:02:40 +0700 Subject: [PATCH 1/2] Add sophos-ai/yaraml_rules to Malware Analysis section --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index dfe9bd6..c652c4e 100644 --- a/README.md +++ b/README.md @@ -1844,6 +1844,10 @@ This repository is created as an online bookmark for useful links, resources and SEKOIA Dropper Analysis SEKOIA Dropper Analysis + + sophos-ai/yaraml_rules + Security ML models encoded as Yara rules + SpamScope/spamscope Fast Advanced Spam Analysis Tool From bfdea0c28b3529af85b5902795fd5e7b8d7fadce Mon Sep 17 00:00:00 2001 From: pe3zx Date: Wed, 3 Feb 2021 13:14:45 +0700 Subject: [PATCH 2/2] Add oxfemale/LogonCredentialsSteal to Credential Access section --- Offensive.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Offensive.md b/Offensive.md index f4b41b7..44c96df 100644 --- a/Offensive.md +++ b/Offensive.md @@ -792,6 +792,10 @@ Some tools can be categorized in more than one category. But because the current Kerberoast is a series of tools for attacking MS Kerberos implementations. Below is a brief overview of what each tool does. + + oxfemale/LogonCredentialsSteal + LOCAL AND REMOTE HOOK msv1_0!SpAcceptCredentials from LSASS.exe and DUMP DOMAIN/LOGIN/PASSWORD IN CLEARTEXT to text file. + peewpw/Invoke-WCMDump PowerShell Script to Dump Windows Credentials from the Credential Manager
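Review bot: In the README.md hunk of patch 1/2 (@@ -1844,6 +1844,10 @@), the added description line writes "Yara" where the tool name is normally styled "YARA". Suggest changing the description to "Security ML models encoded as YARA rules". The placement between "SEKOIA Dropper Analysis" and "SpamScope/spamscope" is consistent with a case-insensitive alphabetical order, so nothing to change there. The row markup and link target for the new entry are not visible in the lines as shown here, so please confirm the entry uses the same row structure as its neighbours and that the link resolves to the sophos-ai/yaraml_rules repository.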
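Review bot: In the Offensive.md hunk of patch 2/2 (@@ -792,6 +792,10 @@), the added description for oxfemale/LogonCredentialsSteal is mostly upper case ("LOCAL AND REMOTE HOOK ... DUMP DOMAIN/LOGIN/PASSWORD IN CLEARTEXT"), while the neighbouring Kerberoast and peewpw/Invoke-WCMDump descriptions use normal sentence case. Suggest normalising it to sentence case, keeping the identifiers msv1_0!SpAcceptCredentials and LSASS.exe exactly as written, and fixing the grammar ("to text file" should read "to a text file"). The placement after the Kerberoast entry and before peewpw/Invoke-WCMDump looks consistent with the surrounding order.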