Malwless: Test Blue Team detections without running any attack.
Stars: ✭ 215 (-18.56%)
Sysmon Modular: A repository of sysmon configuration modules
Stars: ✭ 1,229 (+365.53%)
Sentinel Attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+156.06%)
Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+179.55%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (-75%)
ir scripts: incident response scripts
Stars: ✭ 17 (-93.56%)
S2AN: S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator
Stars: ✭ 70 (-73.48%)
Threatpinchlookup: Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (-2.65%)
Meerkat: A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (+7.58%)
Siem: SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (-40.53%)
Auditd Attack: A Linux Auditd rule set mapped to MITRE's ATT&CK Framework
Stars: ✭ 642 (+143.18%)
Threathunting Spl: Splunk code (SPL) useful for serious threat hunters.
Stars: ✭ 117 (-55.68%)
Detectionlabelk: DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Stars: ✭ 273 (+3.41%)
Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (+66.29%)
Atc React: A knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (-14.39%)
SIGMA-detection-rules: Set of SIGMA rules (>250) mapped to MITRE ATT&CK tactics and techniques
Stars: ✭ 97 (-63.26%)
Bluespawn: An Active Defense and EDR software to empower Blue Teams
Stars: ✭ 737 (+179.17%)
Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+990.53%)
detection-rules: Threat Detection & Anomaly Detection rules for popular open-source components
Stars: ✭ 34 (-87.12%)
Beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+269.7%)
Signature Base: Signature base for my scanner tools
Stars: ✭ 1,212 (+359.09%)
Threathunt: ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (-65.15%)
Oriana: Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (-42.42%)
Mthc: All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (-49.24%)
Whids: Open Source EDR for Windows
Stars: ✭ 188 (-28.79%)
Pcap Attack: PCAP Samples for Different Post Exploitation Techniques
Stars: ✭ 175 (-33.71%)
Vast: 🔮 Visibility Across Space and Time
Stars: ✭ 227 (-14.02%)
Yeti: Your Everyday Threat Intelligence
Stars: ✭ 1,037 (+292.8%)
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (-88.26%)
Ee Outliers: Open-source framework to detect outliers in Elasticsearch events
Stars: ✭ 172 (-34.85%)
Slides: Misc Threat Hunting Resources
Stars: ✭ 203 (-23.11%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (-15.15%)
fastfinder: Incident Response - Fast suspicious file finder
Stars: ✭ 116 (-56.06%)
IRScripts: Incident Response Scripts
Stars: ✭ 29 (-89.02%)
awesomekql: Azure Sentinel intrusion detection rules, recent exploits and lolbas :)
Stars: ✭ 16 (-93.94%)
Kong-API-Manager: Kong API Manager with Prometheus And Graylog
Stars: ✭ 78 (-70.45%)
yara-rules: Yara rules written by me, for free use.
Stars: ✭ 13 (-95.08%)
irma: endpoint detection / live analysis & sandbox host / signatures quality test
Stars: ✭ 25 (-90.53%)
artifactcollector: 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (-46.97%)
DFIRRegex: A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
Stars: ✭ 33 (-87.5%)
Logmira: Logmira by Blumira has been created by Amanda Berlin as a helpful download of Microsoft Windows Domain Group Policy Object settings.
Stars: ✭ 46 (-82.58%)
siemstress: Very basic CLI SIEM (Security Information and Event Management system).
Stars: ✭ 24 (-90.91%)
minerchk: Bash script to check for malicious cryptomining
Stars: ✭ 36 (-86.36%)
calamity: A script to assist in processing forensic RAM captures for malware triage
Stars: ✭ 24 (-90.91%)
skalogs-bundle: Open Source data and event driven real time Monitoring and Analytics Platform
Stars: ✭ 16 (-93.94%)
hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report files found and not found in the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Stars: ✭ 43 (-83.71%)
catalyst: Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (-65.53%)
cycat-service: CyCAT.org API back-end server including crawlers
Stars: ✭ 25 (-90.53%)
factual-rules-generator: Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Stars: ✭ 62 (-76.52%)
Vendor-Threat-Triage-Lookup: Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.
Stars: ✭ 17 (-93.56%)
attckr: ⚔️ MITRE ATT&CK Machinations in R
Stars: ✭ 22 (-91.67%)
LevelDBDumper: Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-91.29%)