Attackdatamap: A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (-53.27%)
ps-srum-hunting: PowerShell script to facilitate the processing of SRUM data for on-the-fly forensics and, if needed, threat hunting
Stars: ✭ 16 (-97.17%)
csirtg-smrt-v1: The fastest way to consume threat intelligence.
Stars: ✭ 27 (-95.22%)
DaProfiler: DaProfiler allows you to create a profile on your target, based in France only. The particularity of this program is its ability to find the e-mail addresses of your target.
Stars: ✭ 58 (-89.73%)
threat-intel: Signatures and IoCs from public Volexity blog posts.
Stars: ✭ 130 (-76.99%)
freki: 🐺 Malware analysis platform
Stars: ✭ 327 (-42.12%)
ThePhish: ThePhish: an automated phishing email analysis tool
Stars: ✭ 676 (+19.65%)
SysmonResources: Consolidation of various resources related to Microsoft Sysmon & sample data/logs
Stars: ✭ 64 (-88.67%)
ayashige: Ayashige provides a list of suspicious newly updated domains as a JSON feed
Stars: ✭ 27 (-95.22%)
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (-94.51%)
misp-takedown: A curses-style interface for automatic takedown notification based on MISP events.
Stars: ✭ 19 (-96.64%)
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (-50.27%)
intelligence-icons: intelligence-icons is a collection of icons and diagrams for building training and marketing materials around intelligence sharing, including but not limited to CTI, MISP Threat Sharing and STIX 2.
Stars: ✭ 32 (-94.34%)
Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (-88.32%)
Fcl: FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Stars: ✭ 409 (-27.61%)
Meerkat: A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (-49.73%)
SyntheticSun: SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services, and serverless technologies to continuously prevent, detect and respond to threats.
Stars: ✭ 49 (-91.33%)
cycat-service: CyCAT.org API back-end server, including crawlers
Stars: ✭ 25 (-95.58%)
thremulation-station: Small-scale threat emulation and detection range built on Elastic and Atomic Red Team.
Stars: ✭ 28 (-95.04%)
Apt Hunter: APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs to decrease the time needed to uncover suspicious activity
Stars: ✭ 297 (-47.43%)
DomainCAT: Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Stars: ✭ 34 (-93.98%)
fastfinder: Incident Response - Fast suspicious file finder
Stars: ✭ 116 (-79.47%)
d4-core: D4 core software (server and sample sensor client)
Stars: ✭ 40 (-92.92%)
MalwareHashDB: Malware hashes for open source projects.
Stars: ✭ 31 (-94.51%)
utilities: This repository contains tools used by 401trg.
Stars: ✭ 19 (-96.64%)
ir scripts: Incident response scripts
Stars: ✭ 17 (-96.99%)
Mitaka: A browser extension for OSINT search
Stars: ✭ 483 (-14.51%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-92.04%)
yara-rules: Yara rules written by me, for free use.
Stars: ✭ 13 (-97.7%)
Vendor-Threat-Triage-Lookup: Look up file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.
Stars: ✭ 17 (-96.99%)
evtx-hunter: evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Stars: ✭ 122 (-78.41%)
Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+409.56%)
Freki: 🐺 Malware analysis platform
Stars: ✭ 285 (-49.56%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (-88.32%)
Werdlists: ⌨️ Wordlists, dictionaries and other data sets for writing software security test cases
Stars: ✭ 216 (-61.77%)
Yara Rules: A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Stars: ✭ 206 (-63.54%)
pyeti: Python bindings for Yeti's API
Stars: ✭ 15 (-97.35%)
Slides: Misc threat hunting resources
Stars: ✭ 203 (-64.07%)
Adaz: 🔧 Automatically deploy customizable Active Directory labs in Azure
Stars: ✭ 197 (-65.13%)
detection-rules: Threat detection & anomaly detection rules for popular open-source components
Stars: ✭ 34 (-93.98%)
Whids: Open source EDR for Windows
Stars: ✭ 188 (-66.73%)
BLUELAY: Searches online paste sites for certain search terms which can indicate a possible data breach.
Stars: ✭ 24 (-95.75%)
Weffles: Build a fast, free, and effective threat hunting/incident response console with Windows Event Forwarding and PowerBI
Stars: ✭ 176 (-68.85%)
Pcap Attack: PCAP samples for different post-exploitation techniques
Stars: ✭ 175 (-69.03%)
file watchtower: Lightweight file integrity monitoring tool
Stars: ✭ 27 (-95.22%)
TwiTi: This is a project of "#Twiti: Social Listening for Threat Intelligence" (TheWebConf 2021)
Stars: ✭ 120 (-78.76%)
Ee Outliers: Open-source framework to detect outliers in Elasticsearch events
Stars: ✭ 172 (-69.56%)
S2AN: S2AN - Mapper of Sigma/Suricata rules/signatures ➡️ MITRE ATT&CK Navigator
Stars: ✭ 70 (-87.61%)
Siem: SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (-72.21%)
Threathunting: Tools for hunting for threats.
Stars: ✭ 153 (-72.92%)
nsm-attack: Mapping NSM rules to MITRE ATT&CK
Stars: ✭ 53 (-90.62%)
Bearded Avenger: CIF v3 -- the fastest way to consume threat intelligence
Stars: ✭ 152 (-73.1%)
Oriana: Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (-73.1%)