333 Open source projects that are alternatives of or similar to Mthc

#ThreatHunting #DFIR #Malware #Detection Mind Maps

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Explore Indicators of Compromise Automatically

Incident Response - Fast suspicious file finder

Recon Hunt Queries

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

incident response scripts

Extract and aggregate threat intelligence.

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

Signature base for my scanner tools

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Microsoft Sentinel SOC Operations

Threat Hunting queries for various attacks

Parses Windows event logs files based on SANS Poster

A repository of sysmon configuration modules

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

Invoke-LiveResponse

Bringing you the best of the worst files on the Internet.

Yara rules written by me, for free use.

The Ultimate OSINT and Threat Hunting Framework

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

Threat research and reporting from IronNet's Threat Research Teams

Digital Forensics Investigation Platform

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

Trace ScriptBlock execution for powershell v2

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Clusters and elements to attach to MISP events or attributes (like threat actors)

Docker configurations for TheHive, Cortex and 3rd party tools

PS / Bash / Python / Other scripts For FUN!

Your Everyday Threat Intelligence

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

A toolkit for Security Researchers

PatrowlHears - Vulnerability Intelligence Center / Exploits

Documentation of TheHive

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

A curated list of tools for incident response

Kaspersky's GReAT KLara

Real-time HTTP Intrusion Detection

Malcom - Malware Communications Analyzer

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Cortex: a Powerful Observable Analysis and Active Response Engine

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you

Python API Client for Cortex