Pcap Attack: PCAP samples for different post-exploitation techniques
Stars: ✭ 175 (-72.74%)
Sysmon Modular: A repository of Sysmon configuration modules
Stars: ✭ 1,229 (+91.43%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (-89.72%)
Bluespawn: Active defense and EDR software to empower blue teams
Stars: ✭ 737 (+14.8%)
Sentinel Attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+5.3%)
Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+14.95%)
S2AN: Mapper of Sigma/Suricata rules/signatures to the MITRE ATT&CK Navigator
Stars: ✭ 70 (-89.1%)
Attackdatamap: A data source assessment at the event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (-58.88%)
SIGMA-detection-rules: Set of Sigma rules (>250) mapped to MITRE ATT&CK tactics and techniques
Stars: ✭ 97 (-84.89%)
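What S2AN and the Sigma rule set above boil down to is reading the `attack.t*` tags of each rule and turning the counts into an ATT&CK Navigator layer. The following is an added example written for this page, not code from S2AN or any other listed project. It uses only the standard library (the tag lines are pulled out with a regular expression instead of a YAML parser), the three rules are constructed samples, and the Navigator version numbers in the layer are assumptions.

```python
import json
import re
from collections import Counter

# Constructed Sigma-style rule fragments (not rules from any real repository);
# only the parts that matter for the mapping are present.
SAMPLE_RULES = [
    """title: Suspicious PowerShell Encoded Command
tags:
    - attack.execution
    - attack.t1059.001
""",
    """title: Scheduled Task Creation
tags:
    - attack.persistence
    - attack.t1053.005
    - attack.privilege_escalation
""",
    """title: Credential Dumping via LSASS Access
tags:
    - attack.credential_access
    - attack.t1003.001
""",
    """title: Scheduled Task Creation via Remote Session
tags:
    - attack.t1053.005
""",
]

# Sigma tags technique IDs as attack.t1234 or attack.t1234.001 (lowercase);
# tactic tags such as attack.execution are deliberately not matched.
TECHNIQUE_TAG = re.compile(
    r"^\s*-\s*attack\.(t\d{4}(?:\.\d{3})?)\s*$", re.IGNORECASE | re.MULTILINE
)


def techniques_in_rule(rule_text):
    """Return the ATT&CK technique IDs (e.g. 'T1059.001') tagged on one rule."""
    return [m.upper() for m in TECHNIQUE_TAG.findall(rule_text)]


def technique_counts(rules):
    """Count how many rules cover each technique (a rule counts once per technique)."""
    counts = Counter()
    for rule in rules:
        for technique in set(techniques_in_rule(rule)):
            counts[technique] += 1
    return counts


def navigator_layer(rules, name="Sigma coverage"):
    """Build a Navigator layer dict; the score of a technique is its rule count."""
    counts = technique_counts(rules)
    max_count = max(counts.values(), default=1)
    techniques = [
        {"techniqueID": tid, "score": n, "comment": f"{n} rule(s)", "enabled": True}
        for tid, n in sorted(counts.items())
    ]
    return {
        "name": name,
        # Version numbers are assumptions; set them to match your Navigator instance.
        "versions": {"attack": "14", "navigator": "4.9", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Techniques with at least one detection rule",
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": max_count},
    }


if __name__ == "__main__":
    print(json.dumps(navigator_layer(SAMPLE_RULES), indent=2))
```

Techniques that no rule tags are simply absent from the layer, so the untouched (white) cells in the Navigator are the coverage gaps; a technique whose only rule is disabled in production still shows as covered here, which is the usual caveat with tag-based coverage maps.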
Sysmon Config: Sysmon configuration file template with default high-quality event tracing
Stars: ✭ 3,287 (+411.99%)
OSINT-Brazuca: Repository created to gather OSINT information, sources (websites/portals) and tricks within the Brazilian context.
Stars: ✭ 508 (-20.87%)
YAFRA: A semi-automated framework for analyzing and representing reports about IT security incidents.
Stars: ✭ 22 (-96.57%)
ir scripts: Incident response scripts
Stars: ✭ 17 (-97.35%)
Watcher: Open source cybersecurity threat hunting platform, developed with Django and React JS.
Stars: ✭ 324 (-49.53%)
Helk: The Hunting ELK
Stars: ✭ 3,097 (+382.4%)
Vendor-Threat-Triage-Lookup: Look up file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.
Stars: ✭ 17 (-97.35%)
Threatpinchlookup: Documentation and sharing repository for the ThreatPinch Lookup Chrome and Firefox extension
Stars: ✭ 257 (-59.97%)
detection-rules: Threat detection and anomaly detection rules for popular open-source components
Stars: ✭ 34 (-94.7%)
BLUELAY: Searches online paste sites for search terms that can indicate a possible data breach.
Stars: ✭ 24 (-96.26%)
Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (-31.62%)
Apt Hunter: APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs and shortens the time needed to uncover suspicious activity
Stars: ✭ 297 (-53.74%)
Scrummage: The ultimate OSINT and threat hunting framework
Stars: ✭ 355 (-44.7%)
connectors: OpenCTI connectors
Stars: ✭ 135 (-78.97%)
Detectionlabelk: DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Stars: ✭ 273 (-57.48%)
IronNetTR: Threat research and reporting from IronNet's threat research teams
Stars: ✭ 36 (-94.39%)
Patrowlmanager: PatrOwl, an open source, smart and scalable security operations orchestration platform
Stars: ✭ 363 (-43.46%)
fastfinder: Incident response: fast suspicious file finder
Stars: ✭ 116 (-81.93%)
hassh-utils: Nmap NSE script and Docker image for HASSH, the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)
Stars: ✭ 41 (-93.61%)
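The HASSH method fingerprints an SSH client (or server) by hashing the algorithm name-lists it advertises in its SSH_MSG_KEXINIT: the key exchange, encryption, MAC and compression lists, joined with `;`, then MD5'd. The following is an added example written for this page, not code from hassh-utils or the salesforce/hassh project. It parses the KEXINIT payload layout from RFC 4253 section 7.1 with the standard library only; the `build_kexinit` helper and the algorithm lists in `SAMPLE_CLIENT` exist solely to construct sample input and are not captured from any real client.

```python
import hashlib
import struct

SSH_MSG_KEXINIT = 20

# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253 section 7.1).
KEXINIT_FIELDS = [
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
]

# Constructed sample lists (not a capture of any real SSH implementation).
SAMPLE_CLIENT = {
    "kex_algorithms": "curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256",
    "server_host_key_algorithms": "ssh-ed25519,rsa-sha2-512",
    "encryption_algorithms_client_to_server": "chacha20-poly1305@openssh.com,aes128-ctr",
    "encryption_algorithms_server_to_client": "chacha20-poly1305@openssh.com,aes128-ctr",
    "mac_algorithms_client_to_server": "hmac-sha2-256-etm@openssh.com,hmac-sha2-256",
    "mac_algorithms_server_to_client": "hmac-sha2-256-etm@openssh.com,hmac-sha2-256",
    "compression_algorithms_client_to_server": "none,zlib@openssh.com",
    "compression_algorithms_server_to_client": "none,zlib@openssh.com",
}


def build_kexinit(fields, cookie=b"\x00" * 16):
    """Serialise a KEXINIT payload; used here only to construct sample input."""
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for name in KEXINIT_FIELDS:
        value = fields.get(name, "").encode("ascii")  # missing lists (languages) are empty
        out += struct.pack(">I", len(value)) + value
    out += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved
    return out


def parse_kexinit(payload):
    """Decode the name-lists of a KEXINIT payload (the decrypted SSH packet payload)."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos = 1 + 16  # message type byte, then the 16-byte random cookie
    fields = {}
    for name in KEXINIT_FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length for " + name)
        (length,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        if pos + length > len(payload):
            raise ValueError("truncated name-list for " + name)
        fields[name] = payload[pos:pos + length].decode("ascii")
        pos += length
    return fields


def hassh_string(fields, role="client"):
    """The pre-hash string: kex;enc;mac;comp, using the lists for the sender's direction."""
    suffix = "client_to_server" if role == "client" else "server_to_client"
    return ";".join([
        fields["kex_algorithms"],
        fields["encryption_algorithms_" + suffix],
        fields["mac_algorithms_" + suffix],
        fields["compression_algorithms_" + suffix],
    ])


def hassh(payload, role="client"):
    """hassh (role='client') or hasshServer (role='server') as a 32-char hex MD5."""
    return hashlib.md5(hassh_string(parse_kexinit(payload), role).encode("ascii")).hexdigest()


SAMPLE_PAYLOAD = build_kexinit(SAMPLE_CLIENT)

if __name__ == "__main__":
    print(hassh_string(parse_kexinit(SAMPLE_PAYLOAD)))
    print("hassh:", hassh(SAMPLE_PAYLOAD))
```

Because the order of the lists is part of the hash, two builds of the same client that merely reorder their preferred ciphers produce different fingerprints, which is what makes HASSH useful for spotting a non-standard tool that claims a common banner. KEXINIT is sent in the clear before encryption starts, so this works on a passive capture.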
cycat-service: CyCAT.org API back-end server, including crawlers
Stars: ✭ 25 (-96.11%)
Atomic Red Team: Small and highly portable detection tests based on MITRE ATT&CK.
Stars: ✭ 5,364 (+735.51%)
Dnstwist: Domain name permutation engine for detecting homograph phishing attacks, typosquatting, and brand impersonation
Stars: ✭ 3,124 (+386.6%)
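A domain permutation engine of the kind dnstwist describes generates the lookalikes an attacker would register (dropped, doubled, swapped and confusable characters, extra characters, other suffixes) and then compares them against what is actually observed in DNS or certificate-transparency logs. The following is an added example written for this page, not dnstwist's own code; its confusable table and suffix list are small constructed samples, it splits a domain at the first dot (an assumption that does not hold for names such as `example.co.uk`), and the `OBSERVED` list is made up to exercise the matcher.

```python
import string

# Constructed confusable table: ASCII look-alikes plus a few Cyrillic letters
# that render like Latin ones. A real engine carries a far larger table.
HOMOGLYPHS = {
    "a": ["4", "\u0430"],  # Cyrillic small a
    "e": ["3", "\u0435"],  # Cyrillic small ie
    "i": ["1", "l"],
    "l": ["1", "i"],
    "o": ["0", "\u043e"],  # Cyrillic small o
    "s": ["5"],
}
# Constructed suffix list to try instead of the original TLD.
TLDS = ["com", "net", "org", "co", "info", "io"]


def split_domain(domain):
    """Split 'name.suffix' at the first dot (assumption: single-label registrable name)."""
    name, _, suffix = domain.lower().partition(".")
    return name, suffix


def permutations(domain):
    """Return {technique: set(candidate domains)} for one legitimate domain."""
    name, suffix = split_domain(domain)
    out = {k: set() for k in ("omission", "transposition", "repetition", "homoglyph", "addition", "tld-swap")}
    for i in range(len(name)):
        out["omission"].add(name[:i] + name[i + 1:] + "." + suffix)
        out["repetition"].add(name[:i] + name[i] + name[i:] + "." + suffix)
        if i + 1 < len(name) and name[i] != name[i + 1]:
            out["transposition"].add(name[:i] + name[i + 1] + name[i] + name[i + 2:] + "." + suffix)
        for glyph in HOMOGLYPHS.get(name[i], []):
            out["homoglyph"].add(name[:i] + glyph + name[i + 1:] + "." + suffix)
    for ch in string.ascii_lowercase + string.digits:
        out["addition"].add(name + ch + "." + suffix)
    for tld in TLDS:
        if tld != suffix:
            out["tld-swap"].add(name + "." + tld)
    for candidates in out.values():          # the original itself is never a finding
        candidates.discard(domain.lower())
    return out


def to_ascii(domain):
    """IDNA (punycode) form, which is how a Unicode homograph shows up in DNS and CT logs."""
    return domain.encode("idna").decode("ascii")


def match_observed(domain, observed):
    """Label each observed domain with the technique that produces it, skipping non-matches."""
    index = {}
    for technique, candidates in permutations(domain).items():
        for candidate in candidates:
            index.setdefault(to_ascii(candidate), technique)
    hits = []
    for seen in observed:
        key = to_ascii(seen.lower())
        if key in index:
            hits.append((seen, index[key]))
    return hits


# Constructed list standing in for newly seen domains from a CT log or passive DNS feed.
OBSERVED = [
    "exmaple.com",         # adjacent letters swapped
    "examp1e.com",         # digit one for letter l
    "example.net",         # different suffix
    "unrelated.org",       # no relation, must not be flagged
    "ex\u0430mple.com",    # Cyrillic a, reaches DNS as xn--...
    "EXAMPLE.COM",         # the legitimate domain itself, must not be flagged
]

if __name__ == "__main__":
    for seen, technique in match_observed("example.com", OBSERVED):
        print(f"{to_ascii(seen):24} {technique}")
```

Matching on the IDNA form on both sides is the important detail: a certificate-transparency feed delivers `xn--` labels, and a comparison on raw Unicode would miss every homograph in it.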
pyeti: Python bindings for Yeti's API
Stars: ✭ 15 (-97.66%)
Misp: MISP (core software), an open source threat intelligence and sharing platform
Stars: ✭ 3,485 (+442.83%)
Stalkphish: StalkPhish, the phishing kit stalker, harvesting phishing kits for investigations.
Stars: ✭ 256 (-60.12%)
file watchtower: Lightweight file integrity monitoring tool
Stars: ✭ 27 (-95.79%)
attack-evals: ATT&CK Evaluations website (DEPRECATED)
Stars: ✭ 57 (-91.12%)
Klara: Kaspersky's GReAT KLara
Stars: ✭ 565 (-11.99%)
kestrel-lang: Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
Stars: ✭ 165 (-74.3%)
Adversary emulation library: An open library of adversary emulation plans designed to help organizations test their defenses against real-world TTPs.
Stars: ✭ 295 (-54.05%)
nsm-attack: Mapping NSM rules to MITRE ATT&CK
Stars: ✭ 53 (-91.74%)
sqhunter: A simple threat hunting tool based on osquery, Salt Open and the Cymon API
Stars: ✭ 64 (-90.03%)
YaraHunts: Random hunting-oriented YARA rules
Stars: ✭ 86 (-86.6%)
ETWNetMonv3: ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW; ETWProcessMon/2 monitors process, thread, memory, image-load and TCP/IP events via ETW, with detection of remote thread injection and of in-memory payloads based on VirtualMemAlloc events.
Stars: ✭ 32 (-95.02%)
Shuffle: A general purpose security automation platform, focused on accessibility for all.
Stars: ✭ 424 (-33.96%)
Attack Scripts: Scripts and a (future) library to improve users' interactions with ATT&CK content
Stars: ✭ 290 (-54.83%)
pybinaryedge: Python 3 wrapper for the BinaryEdge API (https://www.binaryedge.io/)
Stars: ✭ 16 (-97.51%)
PowerGRR: An API client library in PowerShell, working on Windows, Linux and macOS, for GRR automation and scripting.
Stars: ✭ 52 (-91.9%)
irma: Endpoint detection / live analysis and sandbox host / signature quality testing
Stars: ✭ 25 (-96.11%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection mind maps
Stars: ✭ 224 (-65.11%)
Meerkat: A collection of PowerShell modules designed for artifact gathering and reconnaissance on Windows-based endpoints.
Stars: ✭ 284 (-55.76%)