145 Open source projects that are alternatives of or similar to Auditd Attack

PCAP Samples for Different Post Exploitation Techniques

A repository of sysmon configuration modules

Recon Hunt Queries

An Active Defense and EDR software to empower Blue Teams

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Windows Events Attack Samples

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques

Sysmon configuration file template with default high-quality event tracing

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

incident response scripts

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

The Hunting ELK

Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.

Repository for threat hunting and detection queries, tools, etc.

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Threat Detection & Anomaly Detection rules for popular open-source components

Searches online paste sites for certain search terms which can indicate a possible data breach.

Extract and aggregate threat intelligence.

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

Threat hunting Web Windows AD linux ATT&CK TTPs

The Ultimate OSINT and Threat Hunting Framework

OpenCTI connectors

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Threat research and reporting from IronNet's Threat Research Teams

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Incident Response - Fast suspicious file finder

hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)

CyCAT.org API back-end server including crawlers

Small and highly portable detection tests based on MITRE's ATT&CK.

Threat Hunting queries for various attacks

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Python bindings for Yeti's API

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Lightweight File Integrity Monitoring Tool

ATT&CK Evaluations website (DEPRECATED)

Kaspersky's GReAT KLara

Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

Repository with Sample KQL Query examples for Threat Hunting

MITRE Shield website

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

Mapping NSM rules to MITRE ATT&CK

A simple threat hunting tool based on osquery, Salt Open and Cymon API

Random hunting ordiented yara rules

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.

Scripts and a (future) library to improve users' interactions with the ATT&CK content

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

Pushes Sysmon Configs

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

enpoint detection / live analysis & sandbox host / signatures quality test

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Microsoft Sentinel SOC Operations

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

My personal experience in Threat Hunting and knowledge gained so far.