156 Open source projects that are alternatives of or similar to csirtg-smrt-v1

Tracking APT IOCs

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Python bindings for Yeti's API

🚌 The missing link to connect open-source threat intelligence tools.

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Bringing you the best of the worst files on the Internet.

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

Best practices in threat intelligence

recon-ng modules for Censys

A simple threat hunting tool based on osquery, Salt Open and Cymon API

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Sysmon configuration file template with default high-quality event tracing

Defund the Police.

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

PatrowlHears - Vulnerability Intelligence Center / Exploits

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Utilities for Sysmon

Threat research and reporting from IronNet's Threat Research Teams

Your Everyday Threat Intelligence

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

Extract and aggregate threat intelligence.

CIF v3 -- the fastest way to consume threat intelligence

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Don't Just Search OSINT. Sweep It.

Personal compilation of APT malware from whitepaper releases, documents and own research

All-in-one bundle of MISP, TheHive and Cortex

This repository contains tools used by 401trg.

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Splunk code (SPL) useful for serious threat hunters.

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

A curated list of awesome threat detection and hunting resources

Hashes of infamous malware

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

A toolkit for Security Researchers

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Misc Threat Hunting Resources

A curated list of awesome YARA rules, tools, and people.

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

Standard-Format Threat Intelligence Feeds

🔧 Automatically deploy customizable Active Directory labs in Azure

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

Open Source EDR for Windows

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Consolidation of various resources related to Microsoft Sysmon & sample data/log

🔍 Mindmaps for threat hunting - work in progress.

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

Real-time HTTP Intrusion Detection

Windows Events Attack Samples

Find phishing kits which use your brand/organization's files and image.

A repository of sysmon configuration modules

Signature base for my scanner tools

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

PCAP Samples for Different Post Exploitation Techniques

Explore Indicators of Compromise Automatically

Open-source framework to detect outliers in Elasticsearch events

Real-time Packet Observation Tool