249 Open source projects that are alternatives of or similar to Threathunting

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Recon Hunt Queries

A repository of sysmon configuration modules

Windows Events Attack Samples

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Extract and aggregate threat intelligence.

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

A knowledge base of actionable Incident Response techniques

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

Deploy and maintain Symon through the Splunk Deployment Sever

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Signature base for my scanner tools

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Misc Threat Hunting Resources

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

Your Everyday Threat Intelligence

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

incident response scripts

PCAP Samples for Different Post Exploitation Techniques

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

All-in-one bundle of MISP, TheHive and Cortex

Open Source EDR for Windows

Set of SIGMA rules (>250) mapped to MITRE Att@k tactic and techniques

#ThreatHunting #DFIR #Malware #Detection Mind Maps

An Active Defense and EDR software to empower Blue Teams

Test Blue Team detections without running any attack.

Incident Response - Fast suspicious file finder

A Linux Auditd rule set mapped to MITRE's Attack Framework

Scripts and a (future) library to improve users' interactions with the ATT&CK content

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

A tool for forensic file system reconstruction.

A list of cyber-chef recipes and curated links

A curated list of tools for incident response

Clusters and elements to attach to MISP events or attributes (like threat actors)

Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Actionable analytics designed to combat threats

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

Sysmon configuration file template with default high-quality event tracing

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

The Hunting ELK

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Web browser forensics for Google Chrome/Chromium

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

Digital Forensics Investigation Platform

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Educational, CTF-styled labs for individuals interested in Memory Forensics

Yara Based Detection Engine for web browsers

Kaspersky's GReAT KLara

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.

Documentation of TheHive

Yara rules written by me, for free use.

Repository with Sample KQL Query examples for Threat Hunting

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

macOS Artifact Parsing Tool