Threat Intel - Archive of publicly available threat intel reports (mostly APT reports, but not limited to them).
Mihari - A helper to run OSINT queries & manage results continuously
Threathunter Playbook - A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Osweep - Don't Just Search OSINT. Sweep It.
Threat Hunting - Personal compilation of APT malware from whitepaper releases, documents and own research
Werdlists - ⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Yara Rules - A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Slides - Misc Threat Hunting Resources
Adaz - 🔧 Automatically deploy customizable Active Directory labs in Azure
Whids - Open Source EDR for Windows
Weffles - Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Phishingkithunter - Find phishing kits which use your brand/organization's files and images.
Pcap Attack - PCAP Samples for Different Post Exploitation Techniques
Ee Outliers - Open-source framework to detect outliers in Elasticsearch events
Patrowlengines - PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Siem - SIEM Tactics, Techniques, and Procedures
Oriana - Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Opensquat - Detection of phishing domains and domain squatting. Supports permutations such as homograph attacks, typosquatting and bitsquatting.
Intelowl - Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Threatbus - 🚌 The missing link to connect open-source threat intelligence tools.
Mthc - All-in-one bundle of MISP, TheHive and Cortex
Patrowldocs - PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Awesome Yara - A curated list of awesome YARA rules, tools, and people.
Dovehawk - Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Detections - This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant YARA rules and IDS signatures to detect these indicators.
Threathunt - ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Patrowlhears - PatrowlHears - Vulnerability Intelligence Center / Exploits
Teler - Real-time HTTP Intrusion Detection
Malware Feed - Bringing you the best of the worst files on the Internet.
Yeti - Your Everyday Threat Intelligence
Rpot - Real-time Packet Observation Tool
Beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Besafe - BeSafe is a robust threat analyzer that helps protect your desktop environment and lets you know what's happening around you
Apullo - A scanner for taking basic fingerprints
Threathunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Bluespawn - An Active Defense and EDR software to empower Blue Teams
Sentinel Attack - Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Auditd Attack - A Linux Auditd rule set mapped to MITRE's ATT&CK Framework
Klara - Kaspersky's GReAT KLara
Fatt - FATT / fingerprintAllTheThings - a pyshark-based script for extracting network metadata and fingerprints from pcap files and live network traffic
Fcl - FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Patrowlmanager - PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Watcher - Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Misp - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Apt Hunter - APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time needed to uncover suspicious activity
Meerkat - A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Misp Galaxy - Clusters and elements to attach to MISP events or attributes (like threat actors)