Watcher: Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Stars: ✭ 324 (+1925%)
Patrowlmanager: PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+2168.75%)
Dnsmorph: Domain name permutation engine written in Go
Stars: ✭ 148 (+825%)
Klara: Kaspersky's GReAT KLara
Stars: ✭ 565 (+3431.25%)
rstthreats: Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.
Stars: ✭ 17 (+6.25%)
DomainCAT: Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Stars: ✭ 34 (+112.5%)
Mimir: OSINT Threat Intel Interface - CLI for HoneyDB
Stars: ✭ 104 (+550%)
Malware-Zoo: Hashes of infamous malware
Stars: ✭ 18 (+12.5%)
ioc-fanger: Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .
Stars: ✭ 47 (+193.75%)
ir scripts: incident response scripts
Stars: ✭ 17 (+6.25%)
coronavirus-covid-19-SARS-CoV-2-IoCs: All the IOCs I have gathered which are directly involved in coronavirus / covid-19 / SARS-CoV-2 cyber attack campaigns
Stars: ✭ 67 (+318.75%)
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (+93.75%)
d4-core: D4 core software (server and sample sensor client)
Stars: ✭ 40 (+150%)
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+1656.25%)
utilities: This repository contains tools used by 401trg.
Stars: ✭ 19 (+18.75%)
cycat-service: CyCAT.org API back-end server including crawlers
Stars: ✭ 25 (+56.25%)
Argos: This script will automatically set up an OSINT workstation starting from an Ubuntu OS.
Stars: ✭ 73 (+356.25%)
Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (+312.5%)
FireHOL-IP-Aggregator: Application for keeping feeds from FireHOL https://github.com/firehol/blocklist-ipsets with IP address appearance history. An HTTP-based API service is provided for search requests.
Stars: ✭ 26 (+62.5%)
Vendor-Threat-Triage-Lookup: Look up file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.
Stars: ✭ 17 (+6.25%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (+181.25%)
evtx-hunter: evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Stars: ✭ 122 (+662.5%)
YaraHunts: Random hunting-oriented YARA rules
Stars: ✭ 86 (+437.5%)
DaProfiler: DaProfiler allows you to create a profile on your target, based in France only. The particularity of this program is its ability to find the e-mail addresses of your target.
Stars: ✭ 58 (+262.5%)
connectors: OpenCTI connectors
Stars: ✭ 135 (+743.75%)
awesome-intelligence-writing: Awesome collection of great and useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles
Stars: ✭ 285 (+1681.25%)
Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+17893.75%)
ETWNetMonv3: ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW, and ETWProcessMon/2 is for monitoring Process/Thread/Memory/ImageLoads/TCPIP via ETW, plus detection of Remote-Thread-Injection and payload detection by VirtualMemAlloc events (in-memory) etc.
Stars: ✭ 32 (+100%)
Werdlists: ⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Stars: ✭ 216 (+1250%)
Yara Rules: A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Stars: ✭ 206 (+1187.5%)
Slides: Misc Threat Hunting Resources
Stars: ✭ 203 (+1168.75%)
Adaz: 🔧 Automatically deploy customizable Active Directory labs in Azure
Stars: ✭ 197 (+1131.25%)
PowerGRR: PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
Stars: ✭ 52 (+225%)
Whids: Open Source EDR for Windows
Stars: ✭ 188 (+1075%)
Weffles: Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Stars: ✭ 176 (+1000%)
Pcap Attack: PCAP Samples for Different Post Exploitation Techniques
Stars: ✭ 175 (+993.75%)
Phishruffus: Intelligent threat hunter and phishing servers
Stars: ✭ 44 (+175%)
Ee Outliers: Open-source framework to detect outliers in Elasticsearch events
Stars: ✭ 172 (+975%)
Siem: SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (+881.25%)
irma: endpoint detection / live analysis & sandbox host / signatures quality test
Stars: ✭ 25 (+56.25%)
pyc2bytecode: A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled Python byte-code (.pyc) files across all Python versions (including Python 3.10.*)
Stars: ✭ 70 (+337.5%)
Threathunting: Tools for hunting for threats.
Stars: ✭ 153 (+856.25%)
detection-rules: Threat Detection & Anomaly Detection rules for popular open-source components
Stars: ✭ 34 (+112.5%)
Oriana: Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (+850%)
SIGMA-detection-rules: Set of SIGMA rules (>250) mapped to MITRE ATT&CK tactics and techniques
Stars: ✭ 97 (+506.25%)
BLUELAY: Searches online paste sites for certain search terms which can indicate a possible data breach.
Stars: ✭ 24 (+50%)
Threathunting Spl: Splunk code (SPL) useful for serious threat hunters.
Stars: ✭ 117 (+631.25%)
TwiTi: This is a project of "#Twiti: Social Listening for Threat Intelligence" (TheWebConf 2021)
Stars: ✭ 120 (+650%)
ELK-Hunting: Threat Hunting with ELK Workshop (InfoSecWorld 2017)
Stars: ✭ 58 (+262.5%)
cif-v5: The FASTEST way to consume threat intel.
Stars: ✭ 53 (+231.25%)
Awesome Yara: A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+8612.5%)
S2AN: S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator
Stars: ✭ 70 (+337.5%)
Detections: This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant YARA rules and IDS signatures to detect these indicators.
Stars: ✭ 95 (+493.75%)