152 Open source projects that are alternatives of or similar to Bearded Avenger

TAXII client implementation from EclecticIQ

Python library using the MISP Rest API

Pushes Sysmon Configs

Interactive Threat Intelligence Bot that leverages serverless framework, AWS/GCP, and Slack

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Recon Hunt Queries

Real-time Packet Observation Tool

A curated list of awesome YARA rules, tools, and people.

Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.

BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you

My personal experience in Threat Hunting and knowledge gained so far.

Domain name permutation engine written in Go

Defund the Police.

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

A repository of sysmon configuration modules

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques

Incident Response - Fast suspicious file finder

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.

Graylog Processing Pipeline functions to enrich log messages with IoC information from threat intelligence databases

CLI tool for open source and threat intelligence

Threat Detection & Anomaly Detection rules for popular open-source components

Capture passwords of login attempts on non-existent and disabled accounts.

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Defanged Indicator of Compromise (IOC) Extractor.

The FASTEST way to consume threat intel.

Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

Powerful plugins and add-ons for hackers

OSINT Threat Intel Interface - CLI for HoneyDB

Real-time HTTP Intrusion Detection

FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

Splunk code (SPL) useful for serious threat hunters.

Malware Sample Sources

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

Phishing catcher using Certstream

Microsoft Sentinel SOC Operations

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Curated list of awesome cybersecurity companies and solutions.

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting

A dashboard for a real-time overview of threat intelligence from MISP instances

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

Signature base for my scanner tools

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

A curated list of awesome threat detection and hunting resources

Clusters and elements to attach to MISP events or attributes (like threat actors)

Explore Indicators of Compromise Automatically

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Threat Feed Aggregation, Made Easy

Multithreaded threat Intelligence gathering built with Python3

TAXII server implementation in Python from EclecticIQ