Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (-23.26%)
PEiD: Yet another implementation of PEiD with YARA
Stars: ✭ 12 (-86.05%)
Ee Outliers: Open-source framework to detect outliers in Elasticsearch events
Stars: ✭ 172 (+100%)
Threatbus: 🚌 The missing link to connect open-source threat intelligence tools.
Stars: ✭ 139 (+61.63%)
Whids: Open Source EDR for Windows
Stars: ✭ 188 (+118.6%)
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (-63.95%)
Bearded Avenger: CIF v3 -- the fastest way to consume threat intelligence
Stars: ✭ 152 (+76.74%)
Mihari: A helper to run OSINT queries & manage results continuously
Stars: ✭ 239 (+177.91%)
Dovehawk: Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Stars: ✭ 97 (+12.79%)
Slides: Misc Threat Hunting Resources
Stars: ✭ 203 (+136.05%)
SysmonResources: Consolidation of various resources related to Microsoft Sysmon & sample data/logs
Stars: ✭ 64 (-25.58%)
Phishingkithunter: Find phishing kits which use your brand/organization's files and images.
Stars: ✭ 177 (+105.81%)
ELK-Hunting: Threat Hunting with ELK Workshop (InfoSecWorld 2017)
Stars: ✭ 58 (-32.56%)
Siem: SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (+82.56%)
utilities: This repository contains tools used by 401trg.
Stars: ✭ 19 (-77.91%)
Opensquat: Detection of phishing domains and domain squatting. Supports permutations such as homograph attacks, typosquatting and bitsquatting.
Stars: ✭ 149 (+73.26%)
Threathunting Spl: Splunk code (SPL) useful for serious threat hunters.
Stars: ✭ 117 (+36.05%)
evtx-hunter: evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Stars: ✭ 122 (+41.86%)
Patrowldocs: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (+22.09%)
Osweep: Don't Just Search OSINT. Sweep It.
Stars: ✭ 225 (+161.63%)
Threathunt: ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (+6.98%)
Hunting Mindmaps: 🔍 Mindmaps for threat hunting - work in progress.
Stars: ✭ 86 (+0%)
Yara Rules: A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Stars: ✭ 206 (+139.53%)
threat-intel: Signatures and IoCs from public Volexity blog posts.
Stars: ✭ 130 (+51.16%)
Adaz: 🔧 Automatically deploy customizable Active Directory labs in Azure
Stars: ✭ 197 (+129.07%)
SSHapendoes: Capture passwords of login attempts on non-existent and disabled accounts.
Stars: ✭ 31 (-63.95%)
Weffles: Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Stars: ✭ 176 (+104.65%)
DomainCAT: Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Stars: ✭ 34 (-60.47%)
Pcap Attack: PCAP Samples for Different Post Exploitation Techniques
Stars: ✭ 175 (+103.49%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+160.47%)
Patrowlengines: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (+88.37%)
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+226.74%)
Threathunting: Tools for hunting for threats.
Stars: ✭ 153 (+77.91%)
malware-persistence: Collection of malware persistence and hunting information. Be a persistent persistence hunter!
Stars: ✭ 109 (+26.74%)
Oriana: Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (+76.74%)
Teler: Real-time HTTP Intrusion Detection
Stars: ✭ 1,248 (+1351.16%)
Intelowl: Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+2358.14%)
Mthc: All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (+55.81%)
mail to misp: Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Stars: ✭ 61 (-29.07%)
ps-srum-hunting: PowerShell script to facilitate the processing of SRUM data for on-the-fly forensics and, if needed, threat hunting
Stars: ✭ 16 (-81.4%)
Threat Intel: Archive of publicly available threat intel reports (mostly APT reports, but not limited to them).
Stars: ✭ 252 (+193.02%)
Awesome Yara: A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+1520.93%)
Detections: This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant YARA rules and IDS signatures to detect these indicators.
Stars: ✭ 95 (+10.47%)
Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+3247.67%)
Patrowlhears: PatrowlHears - Vulnerability Intelligence Center / Exploits
Stars: ✭ 89 (+3.49%)
csirtg-smrt-v1: The fastest way to consume threat intelligence.
Stars: ✭ 27 (-68.6%)
Threat Hunting: Personal compilation of APT malware from whitepaper releases, documents and own research
Stars: ✭ 219 (+154.65%)
ETWNetMonv3: ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW; ETWProcessMon/2 monitors Process/Thread/Memory/ImageLoad/TCPIP events via ETW, with detection of remote thread injection and in-memory payload detection based on VirtualMemAlloc events, etc.
Stars: ✭ 32 (-62.79%)
PowerGRR: PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
Stars: ✭ 52 (-39.53%)
SIGMA-detection-rules: Set of SIGMA rules (>250) mapped to MITRE ATT&CK tactics and techniques
Stars: ✭ 97 (+12.79%)
thremulation-station: Small-scale threat emulation and detection range built on Elastic and Atomic Red Team.
Stars: ✭ 28 (-67.44%)
Werdlists: ⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Stars: ✭ 216 (+151.16%)
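The entry above describes hunting over file-system metadata with SQL. The following is an added example of that idea and is not Judge-Jury-and-Executable's own code or schema: the `files` table is a minimal layout I assume for illustration, and every row is constructed sample data standing in for an MFT/OS-level scan. The three hunts look for PE files with a non-executable extension, `$STANDARD_INFORMATION` created timestamps earlier than `$FILE_NAME` (a common timestomping heuristic), and PE files in temp or download directories.

```python
"""Probe constructed file-system scan records with SQL (SQLite in memory).

Added example, not the project's code: the schema is my own minimal
assumption and the rows are constructed, not from a real scan."""
import sqlite3

SCHEMA = """
CREATE TABLE files (
    path       TEXT PRIMARY KEY,
    ext        TEXT,     -- extension as named on disk
    magic      TEXT,     -- first two bytes of content, hex ('4d5a' = MZ, a PE)
    size       INTEGER,
    si_created TEXT,     -- $STANDARD_INFORMATION created, ISO-8601 UTC
    fn_created TEXT      -- $FILE_NAME created, ISO-8601 UTC
);
"""

# Constructed rows. invoice.pdf is a PE masquerading as a document;
# svch0st.exe has its $SI timestamp pushed years before its $FN timestamp.
ROWS = [
    ("C:\\Windows\\System32\\cmd.exe", "exe", "4d5a", 289792,
     "2023-01-10T08:00:00", "2023-01-10T08:00:00"),
    ("C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.pdf", "pdf", "4d5a", 52224,
     "2024-03-02T11:22:10", "2024-03-02T11:22:10"),
    ("C:\\Users\\bob\\Downloads\\report.pdf", "pdf", "2550", 1048576,
     "2024-03-01T09:00:00", "2024-03-01T09:00:00"),
    ("C:\\Windows\\Temp\\svch0st.exe", "exe", "4d5a", 40960,
     "2019-07-14T03:00:00", "2024-03-02T11:30:00"),
    ("C:\\Program Files\\App\\app.dll", "dll", "4d5a", 204800,
     "2023-05-05T10:00:00", "2023-05-05T10:00:00"),
]

# Each hunt is plain SQL over the scan table; results are sorted so they
# are stable for comparison.
HUNTS = {
    # Content says PE, name says something else (extension masquerading).
    "pe_with_non_exec_extension": """
        SELECT path FROM files
        WHERE magic = '4d5a'
          AND ext NOT IN ('exe', 'dll', 'sys', 'scr', 'ocx', 'cpl')
        ORDER BY path""",
    # $FN is only rewritten by the kernel on create/rename/move, so a $SI
    # created time before $FN created time points at timestomping.
    "possible_timestomp": """
        SELECT path FROM files
        WHERE si_created < fn_created
        ORDER BY path""",
    # PE files dropped in user-writable staging locations.
    "pe_in_temp_or_downloads": """
        SELECT path FROM files
        WHERE magic = '4d5a'
          AND (path LIKE '%\\Temp\\%' OR path LIKE '%\\Downloads\\%')
        ORDER BY path""",
}


def build_db(rows=ROWS):
    """Load scan rows into an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO files VALUES (?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def run_hunts(conn, hunts=HUNTS):
    """Run every hunt and return {hunt_name: [matching paths]}."""
    return {name: [row[0] for row in conn.execute(sql)]
            for name, sql in hunts.items()}


if __name__ == "__main__":
    for name, paths in run_hunts(build_db()).items():
        print(f"{name}:")
        for p in paths:
            print(f"  {p}")
```

Swapping the in-memory connection for a file-backed one (or a server-side SQL engine) is the only change needed to run the same hunts over a real scan table with the same columns.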
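The Opensquat entry above names three permutation classes. As an added example of how those classes are generated and matched (this is not Opensquat's code), the block below builds typosquat, bitsquat and homograph candidates for a brand domain and classifies observed domains against them. The homoglyph table and the keyboard-neighbour map are deliberately small subsets assumed for illustration; `example.com` and the observed-domain feed are constructed inputs. Unicode candidates are compared in their IDNA (punycode) form so they match what a zone file or passive-DNS feed actually contains.

```python
"""Typosquat / bitsquat / homograph permutations for a brand domain, plus a
classifier for observed domains.

Added example, not Opensquat's code. HOMOGLYPHS and the QWERTY map are
small assumed subsets; the feed in __main__ is constructed, not real."""
import string

# Assumption: a small subset of the confusable characters a real tool ships.
HOMOGLYPHS = {
    "a": ["\u0430", "\u00e0"],  # Cyrillic small a, Latin a with grave
    "e": ["\u0435", "\u00e9"],  # Cyrillic small ie, Latin e with acute
    "o": ["\u043e", "0"],       # Cyrillic small o, digit zero
    "l": ["1"],
    "i": ["1", "l"],
}
_QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
_LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")


def _neighbours(ch):
    """Keys immediately left/right of `ch` on its QWERTY row (simplified)."""
    for row in _QWERTY_ROWS:
        if ch in row:
            i = row.index(ch)
            return row[max(0, i - 1):i] + row[i + 1:i + 2]
    return ""


def _valid(label):
    """DNS label sanity: non-empty, no leading/trailing hyphen."""
    return bool(label) and not label.startswith("-") and not label.endswith("-")


def typosquats(label):
    """Single-character omission, adjacent transposition, neighbour-key swap."""
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])                        # omission
        if i + 1 < len(label):                                    # transposition
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for nb in _neighbours(ch):                                # fat-finger
            out.add(label[:i] + nb + label[i + 1:])
    out.discard(label)
    return {c for c in out if _valid(c)}


def bitsquats(label):
    """Every single-bit flip of each byte that still yields a legal label char."""
    out = set()
    for i, ch in enumerate(label):
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit))
            if flipped in _LABEL_CHARS and flipped != ch:
                out.add(label[:i] + flipped + label[i + 1:])
    return {c for c in out if _valid(c)}


def homographs(label):
    """Replace one character at a time with a confusable glyph."""
    out = set()
    for i, ch in enumerate(label):
        for glyph in HOMOGLYPHS.get(ch, []):
            out.add(label[:i] + glyph + label[i + 1:])
    return out


def to_ascii(domain):
    """IDNA/punycode form, so Unicode candidates compare against zone data."""
    return domain.encode("idna").decode("ascii")


def permutations(domain):
    """{class: sorted list of candidate domains in ASCII form}."""
    label, tld = domain.lower().rsplit(".", 1)
    gens = (("typosquat", typosquats), ("bitsquat", bitsquats),
            ("homograph", homographs))
    return {kind: sorted(to_ascii(f"{c}.{tld}") for c in gen(label))
            for kind, gen in gens}


def classify(observed, brand):
    """Permutation class an observed domain falls into, or None."""
    target = to_ascii(observed.lower())
    for kind, candidates in permutations(brand).items():
        if target in candidates:
            return kind
    return None


def hunt(observed_domains, brand):
    """[(domain, class)] for every observed domain that is a permutation."""
    hits = []
    for d in observed_domains:
        kind = classify(d, brand)
        if kind:
            hits.append((d, kind))
    return hits


if __name__ == "__main__":
    # Constructed "newly seen domains" feed, not real registrations.
    feed = ["exmple.com", "dxample.com", "\u0435xample.com",
            "example.com", "unrelated.org"]
    for domain, kind in hunt(feed, "example.com"):
        print(f"{to_ascii(domain):24} {kind}")
```

In practice the candidate set is computed once per brand and the feed (certificate transparency logs, newly registered domains, DNS telemetry) is matched against it; adding insertion, repetition and vowel-swap generators follows the same pattern as `typosquats`.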