Threathunting: Tools for hunting for threats.
Stars: ✭ 153 (-25.73%)
Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (-67.96%)
Awesome Yara: A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+576.7%)
Signature Base: Signature base for my scanner tools
Stars: ✭ 1,212 (+488.35%)
Rpot: Real-time Packet Observation Tool
Stars: ✭ 38 (-81.55%)
Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (+113.11%)
Detections: This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant YARA rules and IDS signatures to detect these indicators.
Stars: ✭ 95 (-53.88%)
Oriana: Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (-26.21%)
Teler: Real-time HTTP Intrusion Detection
Stars: ✭ 1,248 (+505.83%)
Sysmon Modular: A repository of sysmon configuration modules
Stars: ✭ 1,229 (+496.6%)
Ee Outliers: Open-source framework to detect outliers in Elasticsearch events
Stars: ✭ 172 (-16.5%)
Mthc: All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (-34.95%)
Ioc Explorer: Explore Indicators of Compromise Automatically
Stars: ✭ 73 (-64.56%)
Patrowldocs: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-49.03%)
Dovehawk: Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Stars: ✭ 97 (-52.91%)
Patrowlhears: PatrowlHears - Vulnerability Intelligence Center / Exploits
Stars: ✭ 89 (-56.8%)
Phishingkithunter: Find phishing kits which use your brand/organization's files and images.
Stars: ✭ 177 (-14.08%)
Intelowl: Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+926.21%)
Yara Endpoint: Yara-Endpoint is a tool useful for incident response as well as an anti-malware endpoint based on YARA signatures.
Stars: ✭ 75 (-63.59%)
Malware Feed: Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (-66.5%)
Walkoff Apps: WALKOFF-enabled applications. #nsacyber
Stars: ✭ 125 (-39.32%)
Binaryalert: BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
Stars: ✭ 1,125 (+446.12%)
Yarasigs: Various Yara signatures (possibly to be included in a release later).
Stars: ✭ 59 (-71.36%)
Patrowlengines: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (-21.36%)
Pecli: CLI tool to analyze PE files
Stars: ✭ 46 (-77.67%)
Yaraguardian: Django web interface for managing Yara rules
Stars: ✭ 156 (-24.27%)
Weffles: Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Stars: ✭ 176 (-14.56%)
Threathunt: ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (-55.34%)
Bearded Avenger: CIF v3 -- the fastest way to consume threat intelligence
Stars: ✭ 152 (-26.21%)
Hunting Mindmaps: 🔍 Mindmaps for threat hunting - work in progress.
Stars: ✭ 86 (-58.25%)
Adaz: 🔧 Automatically deploy customizable Active Directory labs in Azure
Stars: ✭ 197 (-4.37%)
Opensquat: Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.
Stars: ✭ 149 (-27.67%)
Pcap Attack: PCAP Samples for Different Post Exploitation Techniques
Stars: ✭ 175 (-15.05%)
Apkid: Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Stars: ✭ 999 (+384.95%)
Lw Yara: Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies
Stars: ✭ 78 (-62.14%)
Threatbus: 🚌 The missing link to connect open-source threat intelligence tools.
Stars: ✭ 139 (-32.52%)
Masc: A Web Malware Scanner
Stars: ✭ 74 (-64.08%)
Ursadb: Trigram database written in C++, suited for malware indexing
Stars: ✭ 72 (-65.05%)
Iocs: Sophos-originated indicators-of-compromise from published reports
Stars: ✭ 128 (-37.86%)
Balbuzard: Balbuzard is a package of malware analysis tools in Python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc.). It can also crack malware obfuscation such as XOR, ROL, etc. by brute-forcing and checking for those patterns.
Stars: ✭ 70 (-66.02%)
Dailyioc: IOC from articles, tweets for archives
Stars: ✭ 167 (-18.93%)
Threathunting Spl: Splunk code (SPL) useful for serious threat hunters.
Stars: ✭ 117 (-43.2%)
Yeti: Your Everyday Threat Intelligence
Stars: ✭ 1,037 (+403.4%)
Whids: Open Source EDR for Windows
Stars: ✭ 188 (-8.74%)
Binjadock: An extendable, tabbed, dockable UI widget plugin for BinaryNinja https://binary.ninja.
Stars: ✭ 34 (-83.5%)
Beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+373.79%)
Loki: Loki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+976.21%)
Malware Ioc: Indicators of Compromise (IOC) of our various investigations
Stars: ✭ 955 (+363.59%)
Plyara: Parse YARA rules and operate over them more easily.
Stars: ✭ 108 (-47.57%)
Slides: Misc Threat Hunting Resources
Stars: ✭ 203 (-1.46%)
Go Yara: Go bindings for YARA
Stars: ✭ 198 (-3.88%)