Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+1431.38%)
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (-83.51%)
ir scripts: Incident response scripts
Stars: ✭ 17 (-90.96%)
Sysmon Modular: A repository of Sysmon configuration modules
Stars: ✭ 1,229 (+553.72%)
Threathunt: ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (-51.06%)
SysmonResources: Consolidation of various resources related to Microsoft Sysmon and sample data/logs
Stars: ✭ 64 (-65.96%)
Oriana: Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (-19.15%)
Detectionlab: Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+1621.81%)
Security Onion: Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+1472.34%)
Slides: Misc threat hunting resources
Stars: ✭ 203 (+7.98%)
Malwless: Test Blue Team detections without running any attack.
Stars: ✭ 215 (+14.36%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection mind maps
Stars: ✭ 224 (+19.15%)
Teler: Real-time HTTP intrusion detection
Stars: ✭ 1,248 (+563.83%)
Detectionlabelk: DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Stars: ✭ 273 (+45.21%)
Threatpinchlookup: Documentation and sharing repository for the ThreatPinch Lookup Chrome & Firefox extension
Stars: ✭ 257 (+36.7%)
Mthc: All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (-28.72%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (-64.89%)
Signature Base: Signature base for my scanner tools
Stars: ✭ 1,212 (+544.68%)
Sysmon Config: Sysmon configuration file template with default high-quality event tracing
Stars: ✭ 3,287 (+1648.4%)
Sentinel Attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+259.57%)
Threatbus: 🚌 The missing link to connect open-source threat intelligence tools.
Stars: ✭ 139 (-26.06%)
fastfinder: Incident response - fast suspicious file finder
Stars: ✭ 116 (-38.3%)
Sigma: Generic signature format for SIEM systems
Stars: ✭ 4,418 (+2250%)
Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (+133.51%)
Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+292.55%)
Beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+419.15%)
Attackdatamap: A data source assessment at the event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+40.43%)
Sysmontools: Utilities for Sysmon
Stars: ✭ 903 (+380.32%)
Yeti: Your Everyday Threat Intelligence
Stars: ✭ 1,037 (+451.6%)
Cirtkit: Tools for the Computer Incident Response Team 💻
Stars: ✭ 117 (-37.77%)
Siem: SIEM tactics, techniques, and procedures
Stars: ✭ 157 (-16.49%)
Threathunting Spl: Splunk code (SPL) useful for serious threat hunters.
Stars: ✭ 117 (-37.77%)
Cacador: Indicator extractor
Stars: ✭ 115 (-38.83%)
Imago Forensics: Imago is a Python tool that extracts digital evidence from images.
Stars: ✭ 175 (-6.91%)
Threathunting: Tools for hunting for threats.
Stars: ✭ 153 (-18.62%)
Bearded Avenger: CIF v3 -- the fastest way to consume threat intelligence
Stars: ✭ 152 (-19.15%)
Misp Warninglists: Warning lists to inform users of MISP about potential false positives or other information in indicators
Stars: ✭ 184 (-2.13%)
Ee Outliers: Open-source framework to detect outliers in Elasticsearch events
Stars: ✭ 172 (-8.51%)
Lolbas: Living Off The Land Binaries And Scripts (LOLBins and LOLScripts)
Stars: ✭ 1,506 (+701.06%)
Kiewtai: A port of Kaitai to the Hiew hex editor
Stars: ✭ 108 (-42.55%)
Opensquat: Detection of phishing domains and domain squatting. Supports permutations such as homograph attacks, typosquatting and bitsquatting.
Stars: ✭ 149 (-20.74%)
Patrowldocs: PatrOwl - open source, free and scalable security operations orchestration platform
Stars: ✭ 105 (-44.15%)
Awesome Forensics: A curated list of awesome forensic analysis tools and resources
Stars: ✭ 1,775 (+844.15%)
Zombieant: Zombie Ant Farm: primitives and offensive tooling for Linux EDR evasion.
Stars: ✭ 169 (-10.11%)
Intelowl: Intel Owl: analyze files, domains and IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+1024.47%)
Awesome Yara: A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+641.49%)
Dovehawk: Dovehawk is a Zeek module that automatically imports MISP indicators and reports sightings
Stars: ✭ 97 (-48.4%)
Thehive4py: Python API client for TheHive
Stars: ✭ 143 (-23.94%)
Detections: This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant YARA rules and IDS signatures to detect these indicators.
Stars: ✭ 95 (-49.47%)
Attack monitor: Endpoint detection and malware analysis software
Stars: ✭ 186 (-1.06%)
Weffles: Build a fast, free, and effective threat hunting/incident response console with Windows Event Forwarding and PowerBI
Stars: ✭ 176 (-6.38%)
Shhmon: Neutering Sysmon via driver unload
Stars: ✭ 166 (-11.7%)
Suricata Update: The tool for updating your Suricata rules.
Stars: ✭ 143 (-23.94%)
Patrowlhears: PatrowlHears - vulnerability intelligence center / exploits
Stars: ✭ 89 (-52.66%)