Trending repositories for topic threat-hunting

Live Feed of C2 servers, tools, and botnets

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspi...

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case mana...

A repository of sysmon configuration modules

✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

IntelOwl: manage your Threat Intelligence at scale

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

A curated list of awesome YARA rules, tools, and people.

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Windows Events Attack Samples

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Threat-hunting tool for Linux

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

Malware Sample Sources

Extract and aggregate threat intelligence.

A query aggregator for OSINT based threat hunting

🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.

A Suricata based IDS/IPS/NSM distro

An Active Defense and EDR software to empower Blue Teams

Live Feed of C2 servers, tools, and botnets

Harness the power of Splunk for your investigations

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspi...

Threat-hunting tool for Linux

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

Malware Sample Sources

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Bringing you the best of the worst files on the Internet.

A suite for hunting suspicious targets, expose domains and phishing discovery

Extract and aggregate threat intelligence.

A query aggregator for OSINT based threat hunting

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case mana...

A repository of sysmon configuration modules

Automatically created C2 Feeds

🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

常见的黑客行为监测特征及方法，涵盖端点和流量，未包含PowerShell和Sysmon。预祝运营生活愉快！

A Suricata based IDS/IPS/NSM distro

Scirius is a web application for Suricata ruleset management and threat hunting.

An Active Defense and EDR software to empower Blue Teams

Live Feed of C2 servers, tools, and botnets

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspi...

A repository of sysmon configuration modules

A curated list of awesome YARA rules, tools, and people.

✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

IntelOwl: manage your Threat Intelligence at scale

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case mana...

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Rapidly Search and Hunt through Windows Forensic Artefacts

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Threa...

常见的黑客行为监测特征及方法，涵盖端点和流量，未包含PowerShell和Sysmon。预祝运营生活愉快！

Your Everyday Threat Intelligence

Windows Events Attack Samples

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

Harness the power of Splunk for your investigations

Live Feed of C2 servers, tools, and botnets

A curated list of annual cyber security reports

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspi...

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.

常见的黑客行为监测特征及方法，涵盖端点和流量，未包含PowerShell和Sysmon。预祝运营生活愉快！

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Bringing you the best of the worst files on the Internet.

Threat-hunting tool for Linux

A suite for hunting suspicious targets, expose domains and phishing discovery

Automatically created C2 Feeds

SIEM Tactics, Techiques, and Procedures

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

A repository of sysmon configuration modules

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Extract and aggregate threat intelligence.

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case mana...

✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

A curated list of annual cyber security reports

Live Feed of C2 servers, tools, and botnets

IntelOwl: manage your Threat Intelligence at scale

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Harness the power of Splunk for your investigations

A curated list of awesome YARA rules, tools, and people.

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Sysmon configuration file template with default high-quality event tracing

Interesting APT Report Collection And Some Special IOC

Rapidly Search and Hunt through Windows Forensic Artefacts

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspi...

Harness the power of Splunk for your investigations

Newly registered Domain Monitoring to detect phishing and brand impersonation with subdomain enumeration and source code scraping

A curated list of annual cyber security reports

Malicious IP source.

Live Feed of C2 servers, tools, and botnets

Anvilogic Forge

yara detection rules for hunting with the threathunting-keywords project

Repository with Sentinel Analytics Rules and Hunting Queries

A suite for hunting suspicious targets, expose domains and phishing discovery

M365/Azure adversary simulation tool designed to simulate adversary techniques and generate attack telemetry.

AttacKG: Constructing Knowledge-enhanced Attack Graphs from Cyber Threat Intelligence Reports

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

Threat-hunting tool for Linux

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.

Clusters and elements to attach to MISP events or attributes (like threat actors)

Bringing you the best of the worst files on the Internet.

A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.

Sublime rules for email attack detection, prevention, and threat hunting.

Awesome list of keywords and artifacts for Threat Hunting sessions

A suite for hunting suspicious targets, expose domains and phishing discovery

Threat-hunting tool for Linux

M365/Azure adversary simulation tool designed to simulate adversary techniques and generate attack telemetry.

Hunting assets on the internet using favicon hashes

Anvilogic Forge

Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations

yara detection rules for hunting with the threathunting-keywords project

Harness the power of Splunk for your investigations

Powershell script to help Speed ​​up Threat hunting incident response processes

Sigma detection rules for hunting with the threathunting-keywords project

PoC showcasing new DarkGate Install Script retrieval technique via DNS TXT Record

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case mana...

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

A curated list of awesome YARA rules, tools, and people.

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Threa...

Real-time HTTP Intrusion Detection

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Rapidly Search and Hunt through Windows Forensic Artefacts

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Sysmon configuration file template with default high-quality event tracing

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

Interesting APT Report Collection And Some Special IOC

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

IntelOwl: manage your Threat Intelligence at scale

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

YARA signature and IOC database for my scanners and tools

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

Repository with Sentinel Analytics Rules and Hunting Queries

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

Awesome list of keywords and artifacts for Threat Hunting sessions

Sigma detection rules for hunting with the threathunting-keywords project

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.

PoC showcasing new DarkGate Install Script retrieval technique via DNS TXT Record

A curated list of annual cyber security reports

Live Feed of C2 servers, tools, and botnets

Newly registered Domain Monitoring to detect phishing and brand impersonation with subdomain enumeration and source code scraping

Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant

Crawlector is a threat hunting framework designed for scanning websites for malicious objects.

AttacKG: Constructing Knowledge-enhanced Attack Graphs from Cyber Threat Intelligence Reports

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

pretrained BERT model for cyber security text, learned CyberSecurity Knowledge

A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.

Purpleteam scripts simulation & Detection - trigger events for SOC detections

This repository contains Splunk queries to hunt some anomalies