csirtg-smrt-v1 - the fastest way to consume threat intelligence.
Stars: ✭ 27 (-92.01%)
Mutual labels: threat-hunting
censys-recon-ng - recon-ng modules for Censys
Stars: ✭ 29 (-91.42%)
Mutual labels: threat-hunting
YaraHunts - random hunting-oriented YARA rules
Stars: ✭ 86 (-74.56%)
Mutual labels: threat-hunting
ps-srum-hunting - PowerShell script to facilitate processing of SRUM data for on-the-fly forensics and, if needed, threat hunting
Stars: ✭ 16 (-95.27%)
Mutual labels: threat-hunting
SSHapendoes - capture passwords of login attempts on non-existent and disabled accounts.
Stars: ✭ 31 (-90.83%)
Mutual labels: threat-hunting
MindMaps - #ThreatHunting #DFIR #Malware #Detection mind maps
Stars: ✭ 224 (-33.73%)
Mutual labels: threat-hunting
SysmonResources - consolidation of various resources related to Microsoft Sysmon, plus sample data/logs
Stars: ✭ 64 (-81.07%)
Mutual labels: threat-hunting
kestrel-lang - Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
Stars: ✭ 165 (-51.18%)
Mutual labels: threat-hunting
SIGMA-detection-rules - set of Sigma rules (>250) mapped to MITRE ATT&CK tactics and techniques
Stars: ✭ 97 (-71.3%)
Mutual labels: threat-hunting
ETWNetMonv3 - ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW. ETWProcessMon/2 monitors process, thread, memory, image-load and TCP/IP events via ETW, with detection of remote thread injection and of in-memory payloads via VirtualMemAlloc events.
Stars: ✭ 32 (-90.53%)
Mutual labels: threat-hunting
ELK-Hunting - Threat Hunting with ELK workshop (InfoSecWorld 2017)
Stars: ✭ 58 (-82.84%)
Mutual labels: threat-hunting
PowerGRR - PowerGRR is an API client library in PowerShell, working on Windows, Linux and macOS, for GRR automation and scripting.
Stars: ✭ 52 (-84.62%)
Mutual labels: threat-hunting
sqhunter - a simple threat hunting tool based on osquery, Salt Open and the Cymon API
Stars: ✭ 64 (-81.07%)
Mutual labels: threat-hunting
thremulation-station - small-scale threat emulation and detection range built on Elastic and Atomic Red Team.
Stars: ✭ 28 (-91.72%)
Mutual labels: threat-hunting
Scrummage - the Ultimate OSINT and Threat Hunting Framework
Stars: ✭ 355 (+5.03%)
Mutual labels: threat-hunting
hassh-utils - Nmap NSE script and Docker image for HASSH, the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)
Stars: ✭ 41 (-87.87%)
Mutual labels: threat-hunting
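For readers who want to see what the HASSH method actually hashes before pulling in hassh-utils or the Nmap script: the fingerprint is an MD5 over four of the name-lists a peer advertises in its SSH_MSG_KEXINIT (key exchange, encryption, MAC and compression algorithms, each list comma-joined and the four joined with ';'). The following is an added example, not code from hassh-utils or the salesforce/hassh project: it builds a constructed KEXINIT payload (real algorithm names, illustrative selection, zeroed cookie), parses the RFC 4253 name-lists back out, and computes the client-side HASSH and the server-side hasshServer. The `build_kexinit` helper exists only to fabricate sample packets; in practice the payload comes from the first packet each side sends after the version banner.

```python
import hashlib
import struct

SSH_MSG_KEXINIT = 20

# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)


def build_kexinit(lists):
    """Build a raw KEXINIT payload from ten name-lists (constructed sample input only;
    a real fingerprint is taken from a captured or decoded KEXINIT)."""
    if len(lists) != len(KEXINIT_FIELDS):
        raise ValueError("KEXINIT needs exactly ten name-lists")
    payload = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # msg id + cookie (zeroed: constructed)
    for names in lists:
        data = ",".join(names).encode("ascii")
        payload += struct.pack(">I", len(data)) + data  # uint32 length-prefixed name-list
    payload += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows=FALSE, reserved=0
    return payload


def parse_kexinit(payload):
    """Return {field_name: 'a,b,c'} for the ten name-lists of a KEXINIT payload."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 1 + 16  # skip message id and 16-byte cookie
    fields = {}
    for name in KEXINIT_FIELDS:
        (length,) = struct.unpack_from(">I", payload, off)
        off += 4
        fields[name] = payload[off:off + length].decode("ascii")
        off += length
    return fields


def _fingerprint(payload, direction):
    """MD5 over kex;enc;mac;comp for one direction ('client_to_server' or 'server_to_client')."""
    f = parse_kexinit(payload)
    material = ";".join([
        f["kex_algorithms"],
        f["encryption_algorithms_" + direction],
        f["mac_algorithms_" + direction],
        f["compression_algorithms_" + direction],
    ])
    return hashlib.md5(material.encode("ascii")).hexdigest(), material


def hassh(payload):
    """Client fingerprint (HASSH), computed from the client's KEXINIT."""
    return _fingerprint(payload, "client_to_server")


def hassh_server(payload):
    """Server fingerprint (hasshServer), computed from the server's KEXINIT."""
    return _fingerprint(payload, "server_to_client")


# Constructed sample client KEXINIT; the algorithm names are real, the selection is illustrative.
CLIENT_LISTS = [
    ["curve25519-sha256", "ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"],
    ["ssh-ed25519", "rsa-sha2-512"],
    ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"],
    ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"],
    ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    ["none", "zlib@openssh.com"],
    ["none", "zlib@openssh.com"],
    [],
    [],
]
CLIENT_A = build_kexinit(CLIENT_LISTS)
# Same algorithms, KEX list in a different preference order: a different client stack, so a different HASSH.
CLIENT_B = build_kexinit([list(reversed(CLIENT_LISTS[0]))] + CLIENT_LISTS[1:])

if __name__ == "__main__":
    for label, pkt in (("client A", CLIENT_A), ("client B", CLIENT_B)):
        digest, material = hassh(pkt)
        print(f"{label}: hassh={digest}\n  from: {material}")
```

The point the two sample clients make is that HASSH is order-sensitive: the same algorithm set advertised in a different preference order hashes differently, which is what lets the method distinguish one SSH implementation (or a tampered one) from another without decrypting anything. The reverse also holds, so a client that re-orders its KEXINIT can change its fingerprint; treat HASSH as a hunting pivot, not as a hard identity.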
SysmonConfigPusher - pushes Sysmon configs
Stars: ✭ 59 (-82.54%)
Mutual labels: threat-hunting