DetectionLabELK: DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Sysmon Config: Sysmon configuration file template with default high-quality event tracing.
Attackdatamap: A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework.
Dnstwist: Domain name permutation engine for detecting homograph phishing attacks, typosquatting, and brand impersonation.
ThreatPinchLookup: Documentation and sharing repository for the ThreatPinch Lookup Chrome & Firefox extension.
StalkPhish: StalkPhish - The phishing kits stalker, harvesting phishing kits for investigations.
pybinaryedge: Python 3 wrapper for the BinaryEdge API https://www.binaryedge.io/
irma: Endpoint detection / live analysis & sandbox host / signatures quality test.
OSINT-Brazuca: Repository created to gather OSINT information, sources (websites/portals) and tricks within the Brazilian context.
IronNetTR: Threat research and reporting from IronNet's Threat Research Teams.
YAFRA: YAFRA is a semi-automated framework for analyzing and representing reports about IT security incidents.
fastfinder: Incident Response - Fast suspicious file finder.
Vendor-Threat-Triage-Lookup: Look up file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.
pyeti: Python bindings for Yeti's API.
detection-rules: Threat detection & anomaly detection rules for popular open-source components.
BLUELAY: Searches online paste sites for certain search terms which can indicate a possible data breach.
S2AN: S2AN - Mapper of Sigma/Suricata rules/signatures ➡️ MITRE ATT&CK Navigator.
Scrummage: The Ultimate OSINT and Threat Hunting Framework.
kestrel-lang: Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
hassh-utils: hassh-utils: Nmap NSE script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh).
sqhunter: A simple threat hunting tool based on osquery, Salt Open and the Cymon API.
ETWNetMonv3: ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW; ETWProcessMon/2 is for monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW, plus detection of remote-thread injection and payload detection by VirtualMemAlloc events (in-memory), etc.
PowerGRR: PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
MindMaps: #ThreatHunting #DFIR #Malware #Detection mind maps.
SSHapendoes: Capture passwords of login attempts on non-existent and disabled accounts.
ELK-Hunting: Threat Hunting with ELK Workshop (InfoSecWorld 2017).
malware-persistence: Collection of malware persistence and hunting information. Be a persistent persistence hunter!
ps-srum-hunting: PowerShell script to facilitate the processing of SRUM data for on-the-fly forensics and, if needed, threat hunting.
thremulation-station: Small-scale threat emulation and detection range built on Elastic and Atomic Red Team.
SysmonResources: Consolidation of various resources related to Microsoft Sysmon & sample data/logs.
DomainCAT: Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations.
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
utilities: This repository contains tools used by 401trg.
Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
mail to misp: Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
evtx-hunter: evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.