
MiladMSFT / Threathunt

Licence: mit
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Programming Languages

powershell

Projects that are alternatives of or similar to Threathunt

MindMaps
#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+143.48%)
Mutual labels:  incident-response, dfir, threat-hunting
Mthc
All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (+45.65%)
Mutual labels:  dfir, incident-response, threat-hunting
Oriana
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Stars: ✭ 152 (+65.22%)
Mutual labels:  dfir, incident-response, threat-hunting
ir scripts
incident response scripts
Stars: ✭ 17 (-81.52%)
Mutual labels:  incident-response, dfir, threat-hunting
Beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+960.87%)
Mutual labels:  dfir, incident-response, threat-hunting
rhq
Recon Hunt Queries
Stars: ✭ 66 (-28.26%)
Mutual labels:  incident-response, dfir, threat-hunting
fastfinder
Incident Response - Fast suspicious file finder
Stars: ✭ 116 (+26.09%)
Mutual labels:  incident-response, dfir, threat-hunting
Threatpinchlookup
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+179.35%)
Mutual labels:  dfir, incident-response, threat-hunting
Awesome Incident Response
A curated list of tools for incident response
Stars: ✭ 4,753 (+5066.3%)
Mutual labels:  dfir, incident-response
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (+377.17%)
Mutual labels:  dfir, threat-hunting
Sysmon Modular
A repository of sysmon configuration modules
Stars: ✭ 1,229 (+1235.87%)
Mutual labels:  dfir, threat-hunting
Fcl
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Stars: ✭ 409 (+344.57%)
Mutual labels:  incident-response, threat-hunting
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+294.57%)
Mutual labels:  incident-response, threat-hunting
Cyberchef Recipes
A list of cyber-chef recipes and curated links
Stars: ✭ 619 (+572.83%)
Mutual labels:  dfir, incident-response
Thehivedocs
Documentation of TheHive
Stars: ✭ 353 (+283.7%)
Mutual labels:  dfir, incident-response
My Arsenal Of Aws Security Tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Stars: ✭ 6,464 (+6926.09%)
Mutual labels:  dfir, incident-response
Signature Base
Signature base for my scanner tools
Stars: ✭ 1,212 (+1217.39%)
Mutual labels:  dfir, threat-hunting
Watcher
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Stars: ✭ 324 (+252.17%)
Mutual labels:  incident-response, threat-hunting
Cortex
Cortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+634.78%)
Mutual labels:  dfir, incident-response
Threathunting
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+702.17%)
Mutual labels:  dfir, threat-hunting

Introduction

ThreatHunt is a simple PowerShell repository that lets you train your threat hunting skills. It simulates a variety of attack techniques and procedures without using any malicious files. ThreatHunt is not a penetration testing tool or framework; it is a very simple way to raise security alerts that you can then investigate to train your threat hunting skills.

Screenshot

(Screenshot of ThreatHunt, captured 2019-07-18; image not reproduced here.)

Scenario

Let's say you have just started your career as a threat hunter, or you are already a threat hunter but your organization has just rolled out a new Endpoint Detection and Response (EDR) or Security Information and Event Management (SIEM) product. In both cases you will want a safe harbour where you can raise security alerts and start analyzing the data. This is where ThreatHunt comes in handy: it contains no malicious files, it simply simulates a large number of somewhat suspicious activities.

Prerequisites

  1. ThreatHunt has been tested on Windows 10 1809 and later. It is likely to work on most Windows 10 versions.
  2. The security tampering script is built around the Microsoft Defender ATP suite (Attack Surface Reduction, Antivirus and Endpoint Detection and Response (EDR)).
  3. ThreatHunt doesn't teach you hacking, so it does not obtain credentials or targets on its own. For some scenarios you therefore need to supply domain credentials (username, password), IP address ranges and O365 email credentials (e-mail address and password). Use dedicated lab accounts for this rather than your own.

3rd-party Tools and Files

ThreatHunt installs and leverages some 3rd-party tools and files such as PsExec, Nmap and the EICAR test files. All of these are subject to the license terms of their respective intellectual property owners.

Known Issues

  1. Cleanup.ps1 configures every ASR rule into AuditMode and does not restore the previous state. If your ASR rules were Disabled before you ran ThreatHunt, record that state beforehand and set them back manually afterwards.
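One way to work around that known issue, as an added example that is not part of the ThreatHunt project: snapshot the ASR rule state with Get-MpPreference before running the scenarios, then compare and restore it after Cleanup.ps1 has moved everything to AuditMode. The JSON file path, the function names and the assumption of an elevated shell with the Defender PowerShell module (Windows 10 1809+) are this example's own.

```powershell
# Added example, not ThreatHunt code. Saves, compares and restores Defender ASR
# rule actions around a ThreatHunt run. Assumes an elevated PowerShell session
# on a host with the Defender module (Get-/Set-/Add-MpPreference).

# Action codes as reported by Get-MpPreference.AttackSurfaceReductionRules_Actions
$AsrActionNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode'; 6 = 'Warn' }

function Get-AsrState {
    # Returns one object per configured ASR rule: Id (GUID) and Action (int code).
    $pref = Get-MpPreference
    $rules = @()
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        $rules += [pscustomobject]@{
            Id     = [string]$pref.AttackSurfaceReductionRules_Ids[$i]
            Action = [int]$pref.AttackSurfaceReductionRules_Actions[$i]
        }
    }
    return $rules
}

function Export-AsrState {
    # Run this BEFORE ThreatHunt: writes the current rule actions to a JSON file.
    param([Parameter(Mandatory)][string]$Path)
    $rules = @(Get-AsrState)
    ConvertTo-Json -InputObject $rules | Set-Content -Path $Path -Encoding UTF8
    foreach ($r in $rules) { '{0}  {1}' -f $r.Id, $AsrActionNames[$r.Action] }
    Write-Host "Saved $($rules.Count) ASR rule state(s) to $Path"
}

function Compare-AsrState {
    # Run this AFTER Cleanup.ps1: lists rules whose action differs from the snapshot.
    param([Parameter(Mandatory)][string]$Path)
    $saved = @(Get-Content -Path $Path -Raw | ConvertFrom-Json)
    $now   = @{}
    foreach ($r in Get-AsrState) { $now[$r.Id] = $r.Action }
    foreach ($s in $saved) {
        $savedAction = [int]$s.Action            # ConvertFrom-Json may yield Int64
        $current     = if ($now.ContainsKey($s.Id)) { [int]$now[$s.Id] } else { -1 }
        if ($current -ne $savedAction) {
            [pscustomobject]@{
                Id      = $s.Id
                Saved   = $AsrActionNames[$savedAction]
                Current = if ($current -ge 0) { $AsrActionNames[$current] } else { 'NotConfigured' }
            }
        }
    }
}

function Restore-AsrState {
    # Puts every rule back to the action recorded in the snapshot. Add-MpPreference
    # updates the action of an already configured rule in place.
    param([Parameter(Mandatory)][string]$Path)
    $saved = @(Get-Content -Path $Path -Raw | ConvertFrom-Json)
    foreach ($s in $saved) {
        $actionName = $AsrActionNames[[int]$s.Action]
        if (-not $actionName) { Write-Warning "Unknown action code $($s.Action) for rule $($s.Id); skipping"; continue }
        Add-MpPreference -AttackSurfaceReductionRules_Ids $s.Id `
                         -AttackSurfaceReductionRules_Actions $actionName
    }
    Write-Host "Restored $($saved.Count) ASR rule state(s) from $Path"
}

# Typical use around a ThreatHunt session (path is an assumption for the example):
# Export-AsrState  -Path C:\Temp\asr-before.json
# ... run the ThreatHunt scenarios, then Cleanup.ps1 ...
# Compare-AsrState -Path C:\Temp\asr-before.json   # shows what Cleanup.ps1 changed
# Restore-AsrState -Path C:\Temp\asr-before.json
```

Compare-AsrState is the check worth running before restoring: on a machine where the rules were Disabled it lists every rule as Saved=Disabled, Current=AuditMode, which is exactly the drift the known issue describes. Rules that were not configured at all before the run are reported as NotConfigured and are left alone by Restore-AsrState; remove those with Remove-MpPreference if you want the host back to its original state.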

Disclaimer

While there are no malicious files inside this GitHub repository, it's important to call out that you are responsible for your environment. Assess any tool you deploy carefully before using it in a production environment.

Some of the activities are very simplified. As an example, one step copies calc.exe from C:\Windows\System32 to a network share as mimikatz.exe. Again, this isn't about using malicious files but about generating noise that can be used to train threat hunting skills.
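The calc.exe-as-mimikatz.exe step above is a good first hunt because the file name is the one thing an attacker controls completely. The following added example, which is not ThreatHunt's own code, hunts a share for executables whose identity does not match their name using two name-independent signals: the PE version resource's OriginalFilename, and a SHA-256 match against binaries shipped in C:\Windows\System32. The share path, the function names and the output shape are assumptions for this example.

```powershell
# Added example, not ThreatHunt code. Finds executables on a share (or any path)
# that were copied under a different name, such as System32\calc.exe saved as
# mimikatz.exe. Assumes read access to the path and to C:\Windows\System32.

function Get-KnownSystemHashes {
    # Builds a SHA-256 -> file name table for every .exe in System32. Done once
    # per hunt; building it takes a few seconds on a typical Windows 10 host.
    param([string]$SystemDir = "$env:SystemRoot\System32")
    $table = @{}
    Get-ChildItem -Path $SystemDir -Filter *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            if ($h) { $table[$h.Hash] = $_.Name }
        }
    return $table
}

function Find-RenamedBinaries {
    param(
        [Parameter(Mandatory)][string[]]$Path,          # e.g. \\fileserver\share (assumed)
        [hashtable]$KnownHashes = (Get-KnownSystemHashes)
    )
    Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file    = $_
            $orig    = $file.VersionInfo.OriginalFilename
            $hash    = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
            $reasons = @()

            # Signal 1: the version resource names a different file. Renaming a
            # binary does not rewrite its resources, so calc.exe still says CALC.EXE.
            # PowerShell's -ne is case-insensitive for strings.
            if ($orig -and ($orig.Trim() -ne $file.Name)) {
                $reasons += "OriginalFilename '$orig' differs from on-disk name"
            }

            # Signal 2: byte-for-byte identical to a System32 binary under another
            # name. This is the stronger signal: the hash cannot be argued with.
            if ($KnownHashes.ContainsKey($hash) -and ($KnownHashes[$hash] -ne $file.Name)) {
                $reasons += "SHA256 matches System32\$($KnownHashes[$hash])"
            }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Path             = $file.FullName
                    OriginalFilename = $orig
                    SHA256           = $hash
                    Reasons          = ($reasons -join '; ')
                }
            }
        }
}

# Usage (share name is an assumption for the example):
# Find-RenamedBinaries -Path '\\fileserver\share' | Format-Table -AutoSize
# For the ThreatHunt step this reports mimikatz.exe with OriginalFilename CALC.EXE
# and a SHA256 matching System32\calc.exe.
```

Treat the OriginalFilename mismatch as a lead rather than a verdict: installers, .MUI-backed resources and some vendor tools legitimately carry a different name in the version resource, so expect a handful of benign hits on a real share. The hash match is the finding to act on. The same OriginalFilename-versus-image comparison is also available from process telemetry (Sysmon Event ID 1 logs the OriginalFileName field), which lets you hunt for the renamed binary at execution time rather than only at rest on the share.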
