Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+10973.08%)
Mutual labels: hunting
cbapi-python: Carbon Black API - Python language bindings
Stars: ✭ 140 (+438.46%)
Mutual labels: edr
DEMto3D-QGIS-Plugin: GIS extension for 3D printing of DEMs (digital elevation models)
Stars: ✭ 33 (+26.92%)
Mutual labels: mde
Awesome Threat Detection: A curated list of awesome threat detection and hunting resources
Stars: ✭ 1,804 (+6838.46%)
Mutual labels: hunting
SWELF: Simple Windows Event Log Forwarder (SWELF). An easy-to-use, simply-works log forwarder and EVTX parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
Stars: ✭ 23 (-11.54%)
Mutual labels: hunting
Elkeid: Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
Stars: ✭ 1,245 (+4688.46%)
Mutual labels: edr
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+1600%)
Mutual labels: hunting
Hfish: A secure, reliable, simple, and free enterprise-grade honeypot
Stars: ✭ 2,977 (+11350%)
Mutual labels: hunting
ink: The flexible TypeScript Markdown editor that powers https://octo.app
Stars: ✭ 82 (+215.38%)
Mutual labels: mde
KQL: KQL queries for Advanced Hunting
Stars: ✭ 110 (+323.08%)
Mutual labels: hunting
Security Onion: Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+11269.23%)
Mutual labels: hunting
hayabusa: Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+3392.31%)
Mutual labels: hunting
vue-showdowns-editor: A markdown editor using codemirror and a previewer using @jhuix/showdowns for Vue.js.
Stars: ✭ 27 (+3.85%)
Mutual labels: mde
r2yara: r2yara - Module for Yara using radare2 information
Stars: ✭ 30 (+15.38%)
Mutual labels: hunting
TiEtwAgent: PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
Stars: ✭ 135 (+419.23%)
Mutual labels: edr
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+980.77%)
Mutual labels: edr
WhiteBeam: WhiteBeam: Transparent endpoint security
Stars: ✭ 74 (+184.62%)
Mutual labels: edr
ScareCrow-CobaltStrike: Cobalt Strike script for ScareCrow payloads integration (EDR/AV evasion)
Stars: ✭ 387 (+1388.46%)
Mutual labels: edr