Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (-23.26%)
Mutual labels: threat-hunting, yara-rules
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (-63.95%)
Mutual labels: threat-hunting
SysmonResources: Consolidation of various resources related to Microsoft Sysmon & sample data/log
Stars: ✭ 64 (-25.58%)
Mutual labels: threat-hunting
ELK-Hunting: Threat Hunting with ELK Workshop (InfoSecWorld 2017)
Stars: ✭ 58 (-32.56%)
Mutual labels: threat-hunting
utilities: This repository contains tools used by 401trg.
Stars: ✭ 19 (-77.91%)
Mutual labels: threat-hunting
censys-recon-ng: recon-ng modules for Censys
Stars: ✭ 29 (-66.28%)
Mutual labels: threat-hunting
ps-srum-hunting: PowerShell script to facilitate the processing of SRUM data for on-the-fly forensics and, if needed, threat hunting
Stars: ✭ 16 (-81.4%)
Mutual labels: threat-hunting
threat-intel: Signatures and IoCs from public Volexity blog posts.
Stars: ✭ 130 (+51.16%)
Mutual labels: yara-rules
SSHapendoes: Capture passwords of login attempts on non-existent and disabled accounts.
Stars: ✭ 31 (-63.95%)
Mutual labels: threat-hunting
DomainCAT: Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Stars: ✭ 34 (-60.47%)
Mutual labels: threat-hunting
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+160.47%)
Mutual labels: threat-hunting
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+226.74%)
Mutual labels: threat-hunting
csirtg-smrt-v1: The fastest way to consume threat intelligence.
Stars: ✭ 27 (-68.6%)
Mutual labels: threat-hunting
malware-persistence: Collection of malware persistence and hunting information. Be a persistent persistence hunter!
Stars: ✭ 109 (+26.74%)
Mutual labels: threat-hunting
ETWNetMonv3: ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW, and ETWProcessMon/2 is for monitoring Process/Thread/Memory/ImageLoads/TCPIP via ETW, plus detection of remote thread injection and payload detection by VirtualMemAlloc events (in-memory), etc.
Stars: ✭ 32 (-62.79%)
Mutual labels: threat-hunting
PowerGRR: PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
Stars: ✭ 52 (-39.53%)
Mutual labels: threat-hunting