Awesome Open Source
Search results for threat hunting
260 search results found
Mthc
⭐
154
All-in-one bundle of MISP, TheHive and Cortex
Patrowlhears
⭐
150
PatrowlHears - Vulnerability Intelligence Center / Exploits
Gene
⭐
149
Signature engine for all your logs
Ioc Finder
⭐
144
Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/
Oriana
⭐
136
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Malware Persistence
⭐
134
Collection of malware persistence and hunting information. Be a persistent persistence hunter!
Rita J
⭐
134
Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
Subcrawl
⭐
134
SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output modules, such as MISP.
Docintel
⭐
133
Open Source Platform for storing, organizing, and searching documents related to cyber threats
Raven
⭐
125
Advanced Cyber Threat Map (Simplified, customizable, responsive and optimized)
Blue Teaming With Kql
⭐
125
Repository with Sample KQL Query examples for Threat Hunting
Infosec And Hacking Scripts
⭐
118
🚀 This is a collection of hacking🔥 and pentesting 🧐 scripts to help with enumeration, OSINT, exploitation and post exploitation automated scripts to make hacking easier🌠. Have fun!😎
Patrowldocs
⭐
118
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Analyst Arsenal
⭐
114
A toolkit for Security Researchers
Tht
⭐
112
Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science
Crawlector
⭐
110
Crawlector is a threat hunting framework designed for scanning websites for malicious objects.
Dovehawk
⭐
107
Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Purpleteam
⭐
106
Purpleteam scripts simulation & Detection - trigger events for SOC detections
Mindmaps
⭐
106
🔍 Mindmaps for threat hunting - work in progress.
Murmurhash
⭐
101
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Detections
⭐
98
This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.
Thiri Notebook
⭐
95
The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.
Posint
⭐
95
Gather Open-Source Intelligence using PowerShell.
Evtx Hunter
⭐
93
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Tylium
⭐
87
Primary data pipelines for intrusion detection, security analytics and threat hunting
Malware Feed
⭐
82
Bringing you the best of the worst files on the Internet.
Uncoder_io
⭐
81
An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
Awesome Malware Persistence
⭐
78
A curated list of awesome malware persistence tools and resources.
Aimod2
⭐
77
Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or mitigating potential damage to the organization.
Controlcompass.github.io
⭐
76
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
Advancedhuntingqueries
⭐
73
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
Threathunt
⭐
70
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Awesome Annual Security Reports
⭐
70
A curated list of annual cyber security reports
Judge Jury And Executable
⭐
68
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Ioc Explorer
⭐
66
Explore Indicators of Compromise Automatically
Sqhunter
⭐
65
A simple threat hunting tool based on osquery, Salt Open and Cymon API
Mail_to_misp
⭐
65
Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Falcon Query Assets
⭐
64
Welcome to the Falcon Query Assets GitHub page.
Secbert
⭐
61
pretrained BERT model for cyber security text, learned CyberSecurity Knowledge
Falco Gpt
⭐
61
AI-generated remediations for Falco audit events
Cif V5
⭐
56
The FASTEST way to consume threat intel.
Pylirt
⭐
52
Pylirt - Python Linux Incident Response Toolkit
Favihunter
⭐
51
Hunting assets on the internet using favicon hashes
Powergrr
⭐
51
PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
S2an
⭐
51
S2AN - Mapper of Sigma Rules ➡️ MITRE ATT&CK
Wafaray
⭐
49
Enhance your malware detection with WAF + YARA (WAFARAY)
Threat Hunting With Notebooks
⭐
47
Repository with Sample threat hunting notebooks on Security Event Log Data Sources
Osint Brazuca Nuclei Templates
⭐
47
Repository created to gather templates for the Nuclei tool within the Brazilian context
Rajappan
⭐
44
An All in one Project for Digital Privacy. A step towards a PRIVATE FUTURE
Remotemanagementmonitoringtools
⭐
42
Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
Ironnettr
⭐
41
Threat research and reporting from IronNet's Threat Research Teams
Sysmonresources
⭐
40
Consolidation of various resources related to Microsoft Sysmon & sample data/log
Rpot2
⭐
40
Real-time Packet Observation Tool
Elk Hunting
⭐
39
Threat Hunting with ELK Workshop (InfoSecWorld 2017)
Knowledge Enhanced Attack Graph
⭐
39
AttacKG: Constructing Knowledge-enhanced Attack Graphs from Cyber Threat Intelligence Reports
Conference Talks
⭐
37
Slides for my conference talks
Censys Recon Ng
⭐
36
recon-ng modules for Censys
Detection Rules
⭐
36
Threat Detection & Anomaly Detection rules for popular open-source components
Rdfp
⭐
34
Remote Desktop Client Fingerprint script for Zeek. Based on https://github.com/0x4D31/fatt
Threat Hunting
⭐
34
This repo is dedicated to all my tricks, tweaks and modules for testing and hunting threats. This repo contains multiple directories which are in their own, different modules required for threat hunting. This repo will be updated as and when new changes are made.
Fastfinder
⭐
34
Incident Response - Fast suspicious file finder
Yara Scanner
⭐
34
YaraScanner is a file pattern-matching tool based on YARA rules.
Threat Hunting Samples
⭐
33
Three datasets to practice Threat Hunting against.
Threathunting Keywords Sigma Rules
⭐
32
Sigma detection rules for hunting with the threathunting-keywords project
Azsentinelqueries
⭐
31
Repository with Sentinel Analytics Rules and Hunting Queries
Sshapendoes
⭐
31
Capture passwords of login attempts on non-existent and disabled accounts.
Hassh Utils
⭐
29
hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)
Misp Tools
⭐
28
Import CrowdStrike Threat Intelligence into your instance of MISP
Csirtg Smrt V1
⭐
27
The fastest way to consume threat intelligence.
Etwnetmonv3
⭐
27
ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
Malware Sample Sources
⭐
27
Malware Sample Sources
Domaincat
⭐
26
Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Sysmonconfigpusher
⭐
26
Pushes Sysmon Configs
Douglas 042
⭐
26
Powershell script to help Speed up Threat hunting incident response processes
Verbose Robot
⭐
26
The Fastest way to consume Threat Intel
Vendor Threat Triage Lookup
⭐
26
Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.
Ioc_signatures
⭐
25
Repository with selected IOCs and YARA rules for threat hunting.
Thremulation Station
⭐
24
Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.
Ta Sysmon Deploy
⭐
24
Deploy and maintain Sysmon through the Splunk Deployment Server
Tigma
⭐
24
Sigma Engine implementation in TypeScript
Infrastructure Tracking Schema
⭐
22
Ddwpasterecon
⭐
22
DDWPasteRecon tool will help you identify code leaks, sensitive files, plaintext passwords and password hashes. It also allows members of SOC & Blue Teams to gain situational awareness of the organisation's web exposure on paste sites. It utilises Google's indexing of paste sites to gain targeted intelligence about the organisation. Blue & SOC teams can collect and analyse data from these indexed paste sites to better protect against unknown threats.
Sophos Central Api Connector
⭐
22
Leverage Sophos Central API
Bluelay
⭐
21
Searches online paste sites for certain search terms which can indicate a possible data breach.
Akamaru
⭐
20
Sniffing out well-known threat groups
Threatintelligence
⭐
19
Tracking APT IOCs
Pybinaryedge
⭐
18
Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/
Cybersecurity Threat Detection
⭐
18
An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Detection & Hunting.
Threathunting Keywords Yara Rules
⭐
17
yara detection rules for hunting with the threathunting-keywords project
Chad
⭐
17
Search Google Dorks like Chad. / Social media takeover tool.
Threat Intelligence Researches
⭐
17
The Brandefense cyber threat intelligence team is always researching new threats and writing research reports. Our latest Threat Report is available for download. This report covers the latest activity from APT groups, as well as new information on ransomware and phishing attacks. We recommend that all Brandefense followers download this report and keep it handy in case they need to refer to it in the future.
Geoipplotter
⭐
17
GeoIP plotting script written in Python to help security teams draw visualized reports from IP addresses
Cti Stix Diamond Activity Attack Graph
⭐
17
STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling
Domainthreat
⭐
17
Daily Domain Monitoring to detect phishing and brand impersonation with subdomain enumeration and source code scraping
Mass Scanning Tools
⭐
17
Various scripts for mass-scanning engagements of world-facing services.
Cs Discovery
⭐
16
Finding Cobalt Strike fingerprint on targets via traffic telemetry.
Memoirs Of A Threat Hunter
⭐
16
My personal experience in Threat Hunting and knowledge gained so far.
Linux Exploit Detection
⭐
16
Linux based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Sigma
Yafra
⭐
16
YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Xn Twist
⭐
16
Find Unicode (including Internationalized) domain squats. https://xntwist.hightower.space/
101-200 of 260 search results
Copyright 2018-2024 Awesome Open Source. All rights reserved.