Misp: MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Stars: ✭ 3,485 (+3952.33%)
kestrel-lang: Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
Stars: ✭ 165 (+91.86%)
Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (+410.47%)
YAFRA: YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-74.42%)
Apullo: A scanner for taking basic fingerprints
Stars: ✭ 22 (-74.42%)
BLUELAY: Searches online paste sites for certain search terms which can indicate a possible data breach.
Stars: ✭ 24 (-72.09%)
Detectionlabelk: DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Stars: ✭ 273 (+217.44%)
Stalkphish: StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Stars: ✭ 256 (+197.67%)
ETWNetMonv3: ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
Stars: ✭ 32 (-62.79%)
Klara: Kaspersky's GReAT KLara
Stars: ✭ 565 (+556.98%)
pybinaryedge: Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/
Stars: ✭ 16 (-81.4%)
Beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+1034.88%)
OSINT-Brazuca: Repository created with the aim of gathering information, sources (websites/portals) and OSINT tricks within the Brazilian context.
Stars: ✭ 508 (+490.7%)
Patrowlmanager: PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+322.09%)
ir scripts: incident response scripts
Stars: ✭ 17 (-80.23%)
Ioc Explorer: Explore Indicators of Compromise Automatically
Stars: ✭ 73 (-15.12%)
pyeti: Python bindings for Yeti's API
Stars: ✭ 15 (-82.56%)
Meerkat: A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (+230.23%)
Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+758.14%)
sqhunter: A simple threat hunting tool based on osquery, Salt Open and Cymon API
Stars: ✭ 64 (-25.58%)
Attackdatamap: A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+206.98%)
Threatpinchlookup: Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+198.84%)
Auditd Attack: A Linux Auditd rule set mapped to MITRE's Attack Framework
Stars: ✭ 642 (+646.51%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (-23.26%)
Rpot: Real-time Packet Observation Tool
Stars: ✭ 38 (-55.81%)
file watchtower: Lightweight File Integrity Monitoring Tool
Stars: ✭ 27 (-68.6%)
Fatt: FATT / fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
Stars: ✭ 490 (+469.77%)
irma: endpoint detection / live analysis & sandbox host / signatures quality test
Stars: ✭ 25 (-70.93%)
Signature Base: Signature base for my scanner tools
Stars: ✭ 1,212 (+1309.3%)
Fcl: FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Stars: ✭ 409 (+375.58%)
IronNetTR: Threat research and reporting from IronNet's Threat Research Teams
Stars: ✭ 36 (-58.14%)
Besafe: BeSafe is a robust threat analyzer which helps protect your desktop environment and lets you know what's happening around you
Stars: ✭ 21 (-75.58%)
fastfinder: Incident Response - Fast suspicious file finder
Stars: ✭ 116 (+34.88%)
Watcher: Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Stars: ✭ 324 (+276.74%)
Vendor-Threat-Triage-Lookup: Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.
Stars: ✭ 17 (-80.23%)
Apt Hunter: APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs to decrease the time to uncover suspicious activity
Stars: ✭ 297 (+245.35%)
detection-rules: Threat Detection & Anomaly Detection rules for popular open-source components
Stars: ✭ 34 (-60.47%)
S2AN: S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator
Stars: ✭ 70 (-18.6%)
Misp Galaxy: Clusters and elements to attach to MISP events or attributes (like threat actors)
Stars: ✭ 276 (+220.93%)
Scrummage: The Ultimate OSINT and Threat Hunting Framework
Stars: ✭ 355 (+312.79%)
Malware Feed: Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (-19.77%)
hassh-utils: hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)
Stars: ✭ 41 (-52.33%)
Sysmon Config: Sysmon configuration file template with default high-quality event tracing
Stars: ✭ 3,287 (+3722.09%)
YaraHunts: Random hunting oriented yara rules
Stars: ✭ 86 (+0%)
Bluespawn: An Active Defense and EDR software to empower Blue Teams
Stars: ✭ 737 (+756.98%)
Helk: The Hunting ELK
Stars: ✭ 3,097 (+3501.16%)
Teler: Real-time HTTP Intrusion Detection
Stars: ✭ 1,248 (+1351.16%)
Sysmon Modular: A repository of sysmon configuration modules
Stars: ✭ 1,229 (+1329.07%)
Yeti: Your Everyday Threat Intelligence
Stars: ✭ 1,037 (+1105.81%)
Sentinel Attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+686.05%)
Dnstwist: Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Stars: ✭ 3,124 (+3532.56%)