Weffles: Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Stars: ✭ 176 (+1000%)
Teler: Real-time HTTP Intrusion Detection
Stars: ✭ 1,248 (+7700%)
Mthc: All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (+737.5%)
Yara Rules: A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Stars: ✭ 206 (+1187.5%)
Detections: This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant YARA rules and IDS signatures to detect these indicators.
Stars: ✭ 95 (+493.75%)
mail to misp: Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Stars: ✭ 61 (+281.25%)
Patrowlengines: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (+912.5%)
Ioc Explorer: Explore Indicators of Compromise Automatically
Stars: ✭ 73 (+356.25%)
Beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+6000%)
Intelowl: Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+13112.5%)
Threat Hunting: Personal compilation of APT malware from whitepaper releases, documents and own research
Stars: ✭ 219 (+1268.75%)
utilities: This repository contains tools used by 401trg.
Stars: ✭ 19 (+18.75%)
Awesome Yara: A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+8612.5%)
Adaz: 🔧 Automatically deploy customizable Active Directory labs in Azure
Stars: ✭ 197 (+1131.25%)
Patrowlhears: PatrowlHears - Vulnerability Intelligence Center / Exploits
Stars: ✭ 89 (+456.25%)
SysmonResources: Consolidation of various resources related to Microsoft Sysmon & sample data/log
Stars: ✭ 64 (+300%)
Sysmon Modular: A repository of sysmon configuration modules
Stars: ✭ 1,229 (+7581.25%)
Pcap Attack: PCAP Samples for Different Post Exploitation Techniques
Stars: ✭ 175 (+993.75%)
Yeti: Your Everyday Threat Intelligence
Stars: ✭ 1,037 (+6381.25%)
Threat Intel: Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).
Stars: ✭ 252 (+1475%)
Threathunting: Tools for hunting for threats.
Stars: ✭ 153 (+856.25%)
Apullo: A scanner for taking basic fingerprints
Stars: ✭ 22 (+37.5%)
Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+4512.5%)
Opensquat: Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.
Stars: ✭ 149 (+831.25%)
Osweep: Don't Just Search OSINT. Sweep It.
Stars: ✭ 225 (+1306.25%)
Threatbus: 🚌 The missing link to connect open-source threat intelligence tools.
Stars: ✭ 139 (+768.75%)
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+1656.25%)
Threathunting Spl: Splunk code (SPL) useful for serious threat hunters.
Stars: ✭ 117 (+631.25%)
Werdlists: ⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Stars: ✭ 216 (+1250%)
yair: 🦜 yair - a high-level compiler IR entirely written in Rust
Stars: ✭ 34 (+112.5%)
Patrowldocs: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (+556.25%)
Slides: Misc Threat Hunting Resources
Stars: ✭ 203 (+1168.75%)
Dovehawk: Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Stars: ✭ 97 (+506.25%)
Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (+312.5%)
Threathunt: ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (+475%)
Whids: Open Source EDR for Windows
Stars: ✭ 188 (+1075%)
Hunting Mindmaps: 🔍 Mindmaps for threat hunting - work in progress.
Stars: ✭ 86 (+437.5%)
csirtg-smrt-v1: the fastest way to consume threat intelligence.
Stars: ✭ 27 (+68.75%)
Phishingkithunter: Find phishing kits which use your brand/organization's files and images.
Stars: ✭ 177 (+1006.25%)
Signature Base: Signature base for my scanner tools
Stars: ✭ 1,212 (+7475%)
evtx-hunter: evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Stars: ✭ 122 (+662.5%)
Malware Feed: Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (+331.25%)
Ee Outliers: Open-source framework to detect outliers in Elasticsearch events
Stars: ✭ 172 (+975%)
Rpot: Real-time Packet Observation Tool
Stars: ✭ 38 (+137.5%)
DomainCAT: Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Stars: ✭ 34 (+112.5%)
Besafe: BeSafe is a robust threat analyzer which helps to protect your desktop environment and know what's happening around you
Stars: ✭ 21 (+31.25%)
Siem: SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (+881.25%)
Sysmontools: Utilities for Sysmon
Stars: ✭ 903 (+5543.75%)
Mihari: A helper to run OSINT queries & manage results continuously
Stars: ✭ 239 (+1393.75%)
Bluespawn: An Active Defense and EDR software to empower Blue Teams
Stars: ✭ 737 (+4506.25%)
Bearded Avenger: CIF v3 -- the fastest way to consume threat intelligence
Stars: ✭ 152 (+850%)
thremulation-station: Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.
Stars: ✭ 28 (+75%)
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (+93.75%)
Threathunter Playbook: A Threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+17893.75%)