Awesome Open Source

Programming Languages

Search results for threat hunting

threat-hunting x

260 search results found

All-in-one bundle of MISP, TheHive and Cortex

Patrowlhears ⭐ 150

PatrowlHears - Vulnerability Intelligence Center / Exploits

Signature engine for all your logs

Ioc Finder ⭐ 144

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Malware Persistence ⭐ 134

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.

Subcrawl ⭐ 134

SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output modules, such as MISP.

Docintel ⭐ 133

Open Source Platform for storing, organizing, and searching documents related to cyber threats

Advanced Cyber Threat Map (Simplified, customizable, responsive and optimized)

Blue Teaming With Kql ⭐ 125

Repository with Sample KQL Query examples for Threat Hunting

Infosec And Hacking Scripts ⭐ 118

🚀 This is a collection of hacking🔥 and pentesting 🧐 scripts to help with enumeration, OSINT, exploitation and post exploitation automated scripts to make hacking easier🌠. Have fun!😎

Patrowldocs ⭐ 118

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Analyst Arsenal ⭐ 114

A toolkit for Security Researchers

Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science

Crawlector ⭐ 110

Crawlector is a threat hunting framework designed for scanning websites for malicious objects.

Dovehawk ⭐ 107

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

Purpleteam ⭐ 106

Purpleteam scripts simulation & Detection - trigger events for SOC detections

Mindmaps ⭐ 106

🔍 Mindmaps for threat hunting - work in progress.

Murmurhash ⭐ 101

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Detections ⭐ 98

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

Thiri Notebook ⭐ 95

The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.

Gather Open-Source Intelligence using PowerShell.

Evtx Hunter ⭐ 93

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Primary data pipelines for intrusion detection, security analytics and threat hunting

Malware Feed ⭐ 82

Bringing you the best of the worst files on the Internet.

Uncoder_io ⭐ 81

An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.

Awesome Malware Persistence ⭐ 78

A curated list of awesome malware persistence tools and resources.

Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or mitigating potential damage to the organization.

Controlcompass.github.io ⭐ 76

Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques

Advancedhuntingqueries ⭐ 73

Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant

Threathunt ⭐ 70

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Awesome Annual Security Reports ⭐ 70

A curated list of annual cyber security reports

Judge Jury And Executable ⭐ 68

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

Ioc Explorer ⭐ 66

Explore Indicators of Compromise Automatically

Sqhunter ⭐ 65

A simple threat hunting tool based on osquery, Salt Open and Cymon API

Mail_to_misp ⭐ 65

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

Falcon Query Assets ⭐ 64

Welcome to the Falcon Query Assets GitHub page.

pretrained BERT model for cyber security text, learned CyberSecurity Knowledge

Falco Gpt ⭐ 61

AI-generated remediations for Falco audit events

The FASTEST way to consume threat intel.

Pylirt - Python Linux Incident Response Toolkit

Favihunter ⭐ 51

Hunting assets on the internet using favicon hashes

Powergrr ⭐ 51

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

S2AN - Mapper of Sigma Rules ➡️ MITRE ATT&CK

Enhance your malware detection with WAF + YARA (WAFARAY)

Threat Hunting With Notebooks ⭐ 47

Repository with Sample threat hunting notebooks on Security Event Log Data Sources

Osint Brazuca Nuclei Templates ⭐ 47

Repositório criado com intuito de reunir templates da ferramenta Nuclei dentro do contexto Brasil

Rajappan ⭐ 44

An All in one Project for Digital Privacy. A step towards a PRIVATE FUTURE

Remotemanagementmonitoringtools ⭐ 42

Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations

Ironnettr ⭐ 41

Threat research and reporting from IronNet's Threat Research Teams

Sysmonresources ⭐ 40

Consolidation of various resources related to Microsoft Sysmon & sample data/log

Real-time Packet Observation Tool

Elk Hunting ⭐ 39

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

Knowledge Enhanced Attack Graph ⭐ 39

AttacKG: Constructing Knowledge-enhanced Attack Graphs from Cyber Threat Intelligence Reports

Conference Talks ⭐ 37

Slides for my conference talks

Censys Recon Ng ⭐ 36

recon-ng modules for Censys

Detection Rules ⭐ 36

Threat Detection & Anomaly Detection rules for popular open-source components

Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt

Threat Hunting ⭐ 34

This repo is dedicated to all my tricks, tweaks and modules for testing and hunting threats. This repo contains multiple directories which are in their own, different modules required for threat hunting. This repo will be updated as and when new changes are made.

Fastfinder ⭐ 34

Incident Response - Fast suspicious file finder

Yara Scanner ⭐ 34

YaraScanner is a file pattern-matching tool based on YARA rules.

Threat Hunting Samples ⭐ 33

Three datasets to practice Threat Hunting against.

Threathunting Keywords Sigma Rules ⭐ 32

Sigma detection rules for hunting with the threathunting-keywords project

Azsentinelqueries ⭐ 31

Repository with Sentinel Analytics Rules and Hunting Queries

Sshapendoes ⭐ 31

Capture passwords of login attempts on non-existent and disabled accounts.

Hassh Utils ⭐ 29

hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)

Misp Tools ⭐ 28

Import CrowdStrike Threat Intelligence into your instance of MISP

Csirtg Smrt V1 ⭐ 27

the fastest way to consume threat intelligence.

Etwnetmonv3 ⭐ 27

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Malware Sample Sources ⭐ 27

Malware Sample Sources

Domaincat ⭐ 26

Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations

Sysmonconfigpusher ⭐ 26

Pushes Sysmon Configs

Douglas 042 ⭐ 26

Powershell script to help Speed up Threat hunting incident response processes

Verbose Robot ⭐ 26

The Fastest way to consume Threat Intel

Vendor Threat Triage Lookup ⭐ 26

Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.

Ioc_signatures ⭐ 25

Repository with selected IOCs and YARA rules for threat hunting.

Thremulation Station ⭐ 24

Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.

Ta Sysmon Deploy ⭐ 24

Deploy and maintain Symon through the Splunk Deployment Sever

Sigma Engine implementation in TypeScript

Infrastructure Tracking Schema ⭐ 22

Ddwpasterecon ⭐ 22

DDWPasteRecon tool will help you identify code leak, sensitive files, plaintext passwords, password hashes. It also allow member of SOC & Blue Team to gain situational awareness of the organisation's web exposure on the pastesites. It Utilises Google's indexing of pastesites to gain targeted intelligence of the organisation. Blue & SOC teams can collect and analyse data from these indexed pastesites to better protect against unknown threats.

Sophos Central Api Connector ⭐ 22

Leverage Sophos Central API

Searches online paste sites for certain search terms which can indicate a possible data breach.

Sniffing out well-known threat groups

Threatintelligence ⭐ 19

Tracking APT IOCs

Pybinaryedge ⭐ 18

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

Cybersecurity Threat Detection ⭐ 18

An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Detection & Hunting.

Threathunting Keywords Yara Rules ⭐ 17

yara detection rules for hunting with the threathunting-keywords project

Search Google Dorks like Chad. / Social media takeover tool.

Threat Intelligence Researches ⭐ 17

The Brandefense cyber threat intelligence team is always researching new threats and writing research reports. Our latest Threat Reports is available for download. This reports covers the latest activity from APT groups, as well as new information on ransomware and phishing attacks. We recommend that all Brandefense followers download this reports and keep it handy in case they need to refer to it in the future.

Geoipplotter ⭐ 17

GeoIP plotting script written in Python to help security teams draw visualized reports from IP addresses

Cti Stix Diamond Activity Attack Graph ⭐ 17

STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling

Domainthreat ⭐ 17

Daily Domain Monitoring to detect phishing and brand impersonation with subdomain enumeration and source code scraping

Mass Scanning Tools ⭐ 17

Various scripts for mass-scanning engagements of world-facing services.

Cs Discovery ⭐ 16

Finding Cobalt Strike fingerprint on targets via traffic telemetry.

Memoirs Of A Threat Hunter ⭐ 16

My personal experience in Threat Hunting and knowledge gained so far.

Linux Exploit Detection ⭐ 16

Linux based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Sigma

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

Xn Twist ⭐ 16

Find Unicode (including Internationalized) domain squats. https://xntwist.hightower.space/

101-200 of 260 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.