Trending repositories for topic threat-hunting
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, a...
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
A curated list of annual cyber security reports
Rapidly Search and Hunt through Windows Forensic Artefacts
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
A resource containing all the tools each ransomware gang uses
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
Repository created to gather information, sources (websites/portals) and OSINT tricks within the Brazilian context.
Awesome list of keywords and artifacts for Threat Hunting sessions
Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactics and techniques
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Sysmon configuration file template with default high-quality event tracing
A curated list of awesome malware persistence tools and resources.
A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.
Clusters and elements to attach to MISP events or attributes (like threat actors)
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
Production-ready detection & response queries for osquery
Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. This project gathers procedural examples from public reports of ...
ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.
An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat D...
YARA detection rules for hunting with the threathunting-keywords project
Purple team scripts for simulation & detection: trigger events for SOC detections
Sublime rules for email attack detection, prevention, and threat hunting.
Discover and track internet assets using favicon hashes through search engines.
PoC showcasing new DarkGate Install Script retrieval technique via DNS TXT Record
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Threa...
PowerShell script to help speed up threat hunting and incident response processes
Covers various security approaches to attack techniques and also presents new findings about security breaches.
Newly registered Domain Monitoring to detect phishing and brand impersonation with subdomain enumeration and source code scraping
Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
A suite for hunting suspicious targets, exposing domains and discovering phishing
Sigma detection rules for hunting with the threathunting-keywords project
Collection of Remote Monitoring and Management (RMM) tool artifacts, for assisting forensics and investigations
Threat hunting queries for Microsoft 365 Defender / XDR. Provides out-of-the-box KQL hunting queries for App, Email, Identity and Endpoint.
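The RITA entry above describes detecting command-and-control traffic through network traffic analysis. The following is an added example written for this page, not RITA's own code: it shows the core idea, scoring how regularly each (source, destination, port) pair connects, over a handful of constructed Zeek-conn-style records. Field names, the scoring formula, the 0.8 threshold and the minimum of 8 connections are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median
from typing import Dict, Iterable, List, Tuple

# (timestamp_seconds, src_ip, dst_ip, dst_port): the subset of Zeek conn.log
# fields this example needs. Every record below is constructed, not captured.
Record = Tuple[float, str, str, int]
PairKey = Tuple[str, str, int]


def _build_sample() -> List[Record]:
    records: List[Record] = []
    # 10.0.0.5 -> 203.0.113.7:443 about every 60 s with a few seconds of jitter:
    # the constructed beacon.
    t = 1_700_000_000.0
    for gap in (0, 60, 62, 58, 61, 59, 60, 63, 57, 60, 61, 59):
        t += gap
        records.append((t, "10.0.0.5", "203.0.113.7", 443))
    # 10.0.0.9 -> 198.51.100.20:443 at irregular, human-looking intervals.
    t = 1_700_000_010.0
    for gap in (0, 5, 300, 42, 900, 7, 130, 61, 2400, 15):
        t += gap
        records.append((t, "10.0.0.9", "198.51.100.20", 443))
    # 10.0.0.12 -> 192.0.2.44:80 only three times: too few connections to judge.
    for ts in (1_700_000_100.0, 1_700_000_700.0, 1_700_003_000.0):
        records.append((ts, "10.0.0.12", "192.0.2.44", 80))
    records.sort()  # logs are usually time-ordered; grouping below does not rely on it
    return records


SAMPLE_CONNECTIONS: List[Record] = _build_sample()


def group_by_pair(records: Iterable[Record]) -> Dict[PairKey, List[float]]:
    """Collect connection start times per (src, dst, dst_port)."""
    groups: Dict[PairKey, List[float]] = defaultdict(list)
    for ts, src, dst, port in records:
        groups[(src, dst, port)].append(ts)
    return dict(groups)


def beacon_score(timestamps: List[float], min_connections: int = 8) -> float:
    """Regularity of the gaps between connections, in [0, 1]; 1.0 is perfectly periodic.

    Median and median absolute deviation (MAD) are used instead of mean and
    standard deviation so a few missed or delayed check-ins do not hide an
    otherwise steady timer. Pairs with fewer than min_connections observations
    score 0.0: a couple of evenly spaced connections prove nothing.
    """
    if len(timestamps) < min_connections:
        return 0.0
    ts = sorted(timestamps)
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    med = median(gaps)
    if med <= 0:
        return 0.0  # duplicate timestamps (log replay, clock trouble), not a timer
    mad = median([abs(g - med) for g in gaps])
    return max(0.0, 1.0 - mad / med)


def find_beacons(records: Iterable[Record], threshold: float = 0.8) -> List[dict]:
    """Return the (src, dst, port) pairs whose timing looks beacon-like, best first."""
    hits = []
    for (src, dst, port), stamps in group_by_pair(records).items():
        score = beacon_score(stamps)
        if score < threshold:
            continue
        ts = sorted(stamps)
        hits.append({
            "src": src, "dst": dst, "port": port,
            "connections": len(ts),
            "median_interval_s": median([b - a for a, b in zip(ts, ts[1:])]),
            "score": round(score, 3),
        })
    hits.sort(key=lambda h: h["score"], reverse=True)
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_CONNECTIONS):
        print(hit)
```

On the constructed sample only the 10.0.0.5 pair scores above the threshold. Timing alone is a weak signal: scheduled updaters and monitoring agents are also periodic, so a real hunt adds payload-size regularity, connection counts over a longer window, and an allowlist of known-good destinations before anyone gets paged.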
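Two entries above concern the same technique from opposite ends: the domain name permutation engine for detecting homograph phishing, typo squatting and brand impersonation, and the newly registered domain monitoring project. The block below is an added example written for this page, not either project's code. It generates look-alike candidates for a domain by category and screens a constructed "newly registered" feed against them; the substitution tables, category names and the feed contents are illustrative assumptions.

```python
import string
from typing import Dict, List, Set, Tuple

# Deliberately small substitution tables for illustration; a real permutation
# engine ships far larger ones, including Unicode confusables for homograph attacks.
HOMOGLYPHS: Dict[str, List[str]] = {
    "a": ["4"], "e": ["3"], "i": ["1", "l"], "l": ["1", "i"], "o": ["0"],
    "s": ["5"], "m": ["rn"], "d": ["cl"], "w": ["vv"],
}
KEYBOARD_NEIGHBOURS: Dict[str, str] = {
    "a": "qwsz", "e": "wsdr", "l": "kop", "m": "njk", "p": "ol", "x": "zsdc",
}
ALT_TLDS = ("com", "net", "org", "co", "io")
CATEGORIES = ("omission", "transposition", "repetition", "replacement",
              "homoglyph", "hyphenation", "subdomain", "addition", "tld-swap")

# Constructed feed of "newly registered" domains to screen; not real registrations.
OBSERVED_NEW_DOMAINS = [
    "exarnple.com", "example.net", "exmaple.com", "totally-unrelated.org",
    "examp1e.com", "weather-widgets.io",
]


def split_domain(domain: str) -> Tuple[str, str]:
    """'example.com' -> ('example', 'com').

    Multi-label public suffixes such as co.uk are out of scope here; a real
    tool consults the Public Suffix List to find the registrable label.
    """
    name, _, tld = domain.strip().lower().rpartition(".")
    if not name or not tld:
        raise ValueError(f"expected name.tld, got {domain!r}")
    return name, tld


def permutations(domain: str) -> Dict[str, Set[str]]:
    """Generate look-alike candidates for domain, keyed by the technique that made them."""
    name, tld = split_domain(domain)
    by_cat: Dict[str, Set[str]] = {cat: set() for cat in CATEGORIES}
    n = len(name)
    for i, ch in enumerate(name):
        if n > 1:
            by_cat["omission"].add(name[:i] + name[i + 1:])
        by_cat["repetition"].add(name[:i] + ch + name[i:])
        if i < n - 1:
            by_cat["transposition"].add(name[:i] + name[i + 1] + ch + name[i + 2:])
            by_cat["hyphenation"].add(name[:i + 1] + "-" + name[i + 1:])
            by_cat["subdomain"].add(name[:i + 1] + "." + name[i + 1:])
        for glyph in HOMOGLYPHS.get(ch, []):
            by_cat["homoglyph"].add(name[:i] + glyph + name[i + 1:])
        for key in KEYBOARD_NEIGHBOURS.get(ch, ""):
            by_cat["replacement"].add(name[:i] + key + name[i + 1:])
    for extra in string.ascii_lowercase + string.digits:
        by_cat["addition"].add(name + extra)

    result = {cat: {f"{cand}.{tld}" for cand in cands} for cat, cands in by_cat.items()}
    result["tld-swap"] = {f"{name}.{alt}" for alt in ALT_TLDS if alt != tld}
    original = f"{name}.{tld}"
    for cands in result.values():
        cands.discard(original)  # transposing two equal letters reproduces the input
    return result


def lookalikes(domain: str) -> Dict[str, str]:
    """Flatten to {candidate: category}; the first category in CATEGORIES wins on overlap."""
    flat: Dict[str, str] = {}
    perms = permutations(domain)
    for cat in CATEGORIES:
        for cand in perms[cat]:
            flat.setdefault(cand, cat)
    return flat


def match_observed(domain: str, observed: List[str]) -> List[Tuple[str, str]]:
    """Screen a domain feed against the look-alike set; returns (domain, category) sorted."""
    known = lookalikes(domain)
    return sorted((d.lower(), known[d.lower()]) for d in observed if d.lower() in known)


if __name__ == "__main__":
    for hit in match_observed("example.com", OBSERVED_NEW_DOMAINS):
        print(hit)
```

Against the constructed feed, four of the six domains are flagged. Generation is the cheap half; the monitoring projects listed above earn their keep by then resolving each candidate (A, MX, NS), pulling WHOIS and certificate transparency data, and diffing the results over time so a parked look-alike that suddenly gains an MX record stands out.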