205 Open source projects that are alternatives of or similar to Scot

#ThreatHunting #DFIR #Malware #Detection Mind Maps

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

Microsoft Sentinel SOC Operations

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

ThePhish: an automated phishing email analysis tool

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Explore Indicators of Compromise Automatically

All-in-one bundle of MISP, TheHive and Cortex

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Set of Maltego transforms to inferface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.

A toolkit for Security Researchers

Monitor certificates generated for specific domain strings and associated, store data into sqlite3 database, alert you when sites come online.

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

Fast and efficient osquery management

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Python3 library and command line for GreyNoise

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

Domain name permutation engine written in Go

PatrowlHears - Vulnerability Intelligence Center / Exploits

Real-time HTTP Intrusion Detection

Detecting ATT&CK techniques & tactics for Linux

Find phishing kits which use your brand/organization's files and image.

Monzo's real-time incident response and reporting tool ⚡️

Wazuh - Project documentation

Invoke-LiveResponse

This repo contains logstash of various honeypots

Warning lists to inform users of MISP about potential false-positives or other information in indicators

🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Python script to decode common encoded PowerShell scripts

SIAC is an enterprise SIEM built on open-source technology.

Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

A curated list of awesome things related to TheHive & Cortex

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

Modules for expansion services, import and export in MISP

Signature base for my scanner tools

Phishing catcher using Certstream

Authors

Imago is a python tool that extract digital evidences from images.

Python API Client for TheHive

Yara-Endpoint is a tool useful for incident response as well as anti-malware enpoint base on Yara signatures.

Bringing you the best of the worst files on the Internet.

A dashboard for a real-time overview of threat intelligence from MISP instances

ioc2rpz is a place where threat intelligence meets DNS.

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

MISP trainings, threat intel and information sharing training materials with source code

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

🚌 The missing link to connect open-source threat intelligence tools.

A role-playing game for incident management training

Malware Analysis, Threat Intelligence and Reverse Engineering: LABS

Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads

Information about my experiences on ethical hacking 💀

Taxonomies used in MISP taxonomy system and can be used by other information sharing tool.

PS / Bash / Python / Other scripts For FUN!