GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → 12306Bro → Threathunting-book

12306Bro / Threathunting-book

Licence: other
Threat hunting Web Windows AD linux ATT&CK TTPs

Labels

securitythreat-huntingattck

Projects that are alternatives of or similar to Threathunting-book

csirtg-smrt-v1
the fastest way to consume threat intelligence.
Stars: ✭ 27 (-92.01%)
Mutual labels:  threat-hunting
censys-recon-ng
recon-ng modules for Censys
Stars: ✭ 29 (-91.42%)
Mutual labels:  threat-hunting
YaraHunts
Random hunting ordiented yara rules
Stars: ✭ 86 (-74.56%)
Mutual labels:  threat-hunting
ps-srum-hunting
PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting
Stars: ✭ 16 (-95.27%)
Mutual labels:  threat-hunting
SSHapendoes
Capture passwords of login attempts on non-existent and disabled accounts.
Stars: ✭ 31 (-90.83%)
Mutual labels:  threat-hunting
MindMaps
#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (-33.73%)
Mutual labels:  threat-hunting
SysmonResources
Consolidation of various resources related to Microsoft Sysmon & sample data/log
Stars: ✭ 64 (-81.07%)
Mutual labels:  threat-hunting
kestrel-lang
Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
Stars: ✭ 165 (-51.18%)
Mutual labels:  threat-hunting
SIGMA-detection-rules
Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques
Stars: ✭ 97 (-71.3%)
Mutual labels:  threat-hunting
ETWNetMonv3
ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
Stars: ✭ 32 (-90.53%)
Mutual labels:  threat-hunting
Malware-Sample-Sources
Malware Sample Sources
Stars: ✭ 214 (-36.69%)
Mutual labels:  threat-hunting
ELK-Hunting
Threat Hunting with ELK Workshop (InfoSecWorld 2017)
Stars: ✭ 58 (-82.84%)
Mutual labels:  threat-hunting
PowerGRR
PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
Stars: ✭ 52 (-84.62%)
Mutual labels:  threat-hunting
ThreatIntelligence
Tracking APT IOCs
Stars: ✭ 23 (-93.2%)
Mutual labels:  threat-hunting
sqhunter
A simple threat hunting tool based on osquery, Salt Open and Cymon API
Stars: ✭ 64 (-81.07%)
Mutual labels:  threat-hunting
thremulation-station
Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.
Stars: ✭ 28 (-91.72%)
Mutual labels:  threat-hunting
Azure-Sentinel-4-SecOps
Microsoft Sentinel SOC Operations
Stars: ✭ 140 (-58.58%)
Mutual labels:  threat-hunting
Scrummage
The Ultimate OSINT and Threat Hunting Framework
Stars: ✭ 355 (+5.03%)
Mutual labels:  threat-hunting
hassh-utils
hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)
Stars: ✭ 41 (-87.87%)
Mutual labels:  threat-hunting
SysmonConfigPusher
Pushes Sysmon Configs
Stars: ✭ 59 (-82.54%)
Mutual labels:  threat-hunting
View All Similar Projects ➔

ThreatHunting-book

简介

Threathunting-book目前已覆盖105个TID,316个场景。主要涵盖Web、Windows AD、Linux,涉及ATT&CK技术、模拟测试、检测思路、检测所需数据源等。

覆盖图

规则说明

Web_Attck检测规则为Suricata、Sigma两种格式,端点检测规则为Sigma格式为主。

致谢

特别感谢以下项目,没有以下项目,本项目不会开展起来。致谢项目排序遵循指导思想、数据&组件、规则、对手仿真、红队技术逻辑进行排序。

Mitre.Att&ck

数据&组件

开源规则

对手仿真

红队技术

一些比较有意思的蓝队项目

Stargazers over time

Stargazers over time

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].