GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → GossiTheDog → Threathunting

GossiTheDog / Threathunting

Licence: gpl-3.0
Tools for hunting for threats.

Labels

threat-huntingyara

Projects that are alternatives of or similar to Threathunting

Awesome Yara
A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+811.11%)
Mutual labels:  threat-hunting, yara
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (+186.93%)
Mutual labels:  threat-hunting, yara
Yara Rules
A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Stars: ✭ 206 (+34.64%)
Mutual labels:  threat-hunting, yara
Rpot
Real-time Packet Observation Tool
Stars: ✭ 38 (-75.16%)
Mutual labels:  threat-hunting, yara
Judge-Jury-and-Executable
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (-56.86%)
Mutual labels:  threat-hunting, yara
Signature Base
Signature base for my scanner tools
Stars: ✭ 1,212 (+692.16%)
Mutual labels:  threat-hunting, yara
Dovehawk
Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Stars: ✭ 97 (-36.6%)
Mutual labels:  threat-hunting
Threathunting Spl
Splunk code (SPL) useful for serious threat hunters.
Stars: ✭ 117 (-23.53%)
Mutual labels:  threat-hunting
Threathunt
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (-39.87%)
Mutual labels:  threat-hunting
Hunting Mindmaps
🔍 Mindmaps for threat hunting - work in progress.
Stars: ✭ 86 (-43.79%)
Mutual labels:  threat-hunting
Oriana
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Stars: ✭ 152 (-0.65%)
Mutual labels:  threat-hunting
Threatbus
🚌 The missing link to connect open-source threat intelligence tools.
Stars: ✭ 139 (-9.15%)
Mutual labels:  threat-hunting
Awesome Threat Detection
A curated list of awesome threat detection and hunting resources
Stars: ✭ 1,804 (+1079.08%)
Mutual labels:  threat-hunting
Walkoff Apps
WALKOFF-enabled applications. #nsacyber
Stars: ✭ 125 (-18.3%)
Mutual labels:  yara
Detections
This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.
Stars: ✭ 95 (-37.91%)
Mutual labels:  threat-hunting
Intelowl
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+1281.7%)
Mutual labels:  threat-hunting
Patrowlhears
PatrowlHears - Vulnerability Intelligence Center / Exploits
Stars: ✭ 89 (-41.83%)
Mutual labels:  threat-hunting
Analyst Arsenal
A toolkit for Security Researchers
Stars: ✭ 112 (-26.8%)
Mutual labels:  threat-hunting
Mthc
All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (-12.42%)
Mutual labels:  threat-hunting
Plyara
Parse YARA rules and operate over them more easily.
Stars: ✭ 108 (-29.41%)
Mutual labels:  yara
View All Similar Projects ➔

ThreatHunting

I am publishing GPL v3 tools for hunting for threats in your organisations.

Nexthink modules

Threat hunting - Potential malware downloads v1.0.xml

This is a report which shows all calls to internet domains from common malware document techniques. Most endpoint malware - such as macros, Office exploits etc - use the same set of methods to download their payloads.

The methods currently monitored include:

  • rundll32
  • mshta
  • PowerShell
  • wscript/cscript
  • wmic
  • sct remote calls
  • InfDefaultInstall (Inf remote calls)
  • certutil

The report will show domains. You can change the report to show users, executables instead if you want, or investigate each domain

In terms of false positives, you will very likely want to add a rule to filter out traffic destined for your internal IP ranges, or whitelist domains inside your environment. For example, when adding a Printer it will call rundll32, and hit the printer for web traffic - which triggers in the report - just whitelist it.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].