Attackdatamap - A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (-64.23%)
rhq - Recon Hunt Queries
Stars: ✭ 66 (-91.06%)
Sysmon Modular - A repository of sysmon configuration modules
Stars: ✭ 1,229 (+66.53%)
Threathunt - ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (-87.53%)
Threatingestor - Extract and aggregate threat intelligence.
Stars: ✭ 439 (-40.51%)
Threatpinchlookup - Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (-65.18%)
Atc React - A knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (-69.38%)
S2AN - S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator
Stars: ✭ 70 (-90.51%)
TA-Sysmon-deploy - Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (-95.8%)
Sentinel Attack - Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (-8.4%)
Signature Base - Signature base for my scanner tools
Stars: ✭ 1,212 (+64.23%)
Oriana - Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (-79.4%)
Slides - Misc Threat Hunting Resources
Stars: ✭ 203 (-72.49%)
Detectionlabelk - DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Stars: ✭ 273 (-63.01%)
Yeti - Your Everyday Threat Intelligence
Stars: ✭ 1,037 (+40.51%)
Threathunter Playbook - A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+290.11%)
ir scripts - incident response scripts
Stars: ✭ 17 (-97.7%)
Pcap Attack - PCAP Samples for Different Post Exploitation Techniques
Stars: ✭ 175 (-76.29%)
Beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+32.25%)
Mthc - All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (-81.84%)
Whids - Open Source EDR for Windows
Stars: ✭ 188 (-74.53%)
SIGMA-detection-rules - Set of SIGMA rules (>250) mapped to MITRE ATT&CK tactics and techniques
Stars: ✭ 97 (-86.86%)
MindMaps - #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (-69.65%)
Bluespawn - An Active Defense and EDR software to empower Blue Teams
Stars: ✭ 737 (-0.14%)
Malwless - Test Blue Team detections without running any attack.
Stars: ✭ 215 (-70.87%)
fastfinder - Incident Response - Fast suspicious file finder
Stars: ✭ 116 (-84.28%)
Auditd Attack - A Linux Auditd rule set mapped to MITRE's ATT&CK Framework
Stars: ✭ 642 (-13.01%)
Attack Scripts - Scripts and a (future) library to improve users' interactions with the ATT&CK content
Stars: ✭ 290 (-60.7%)
Meerkat - A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (-61.52%)
Recuperabit - A tool for forensic file system reconstruction.
Stars: ✭ 280 (-62.06%)
Cyberchef Recipes - A list of CyberChef recipes and curated links
Stars: ✭ 619 (-16.12%)
Misp Galaxy - Clusters and elements to attach to MISP events or attributes (like threat actors)
Stars: ✭ 276 (-62.6%)
Shuffle - Shuffle: A general purpose security automation platform. We focus on accessibility for all.
Stars: ✭ 424 (-42.55%)
Security Onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+300.54%)
Lolbas - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 3,810 (+416.26%)
Fcl - FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Stars: ✭ 409 (-44.58%)
Sysmon Config - Sysmon configuration file template with default high-quality event tracing
Stars: ✭ 3,287 (+345.39%)
Zeek - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Stars: ✭ 4,180 (+466.4%)
Helk - The Hunting ELK
Stars: ✭ 3,097 (+319.65%)
Dnstwist - Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Stars: ✭ 3,124 (+323.31%)
Hindsight - Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (-20.19%)
Lookyloo - Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Stars: ✭ 381 (-48.37%)
Kuiper - Digital Forensics Investigation Platform
Stars: ✭ 257 (-65.18%)
Patrowlmanager - PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-50.81%)
Stalkphish - StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Stars: ✭ 256 (-65.31%)
Memlabs - Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (-5.69%)
Yobi - Yara Based Detection Engine for web browsers
Stars: ✭ 39 (-94.72%)
Klara - Kaspersky's GReAT KLara
Stars: ✭ 565 (-23.44%)
Swap digger - swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, WiFi SSIDs and keys, etc.
Stars: ✭ 354 (-52.03%)
VanillaWindowsReference - A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.
Stars: ✭ 24 (-96.75%)
Thehivedocs - Documentation of TheHive
Stars: ✭ 353 (-52.17%)
yara-rules - Yara rules written by me, for free use.
Stars: ✭ 13 (-98.24%)
Diffy - Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (-24.8%)
Mac apt - macOS Artifact Parsing Tool
Stars: ✭ 329 (-55.42%)