There are 53 repositories under the cyber-threat-intelligence topic.
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
IntelOwl: manage your Threat Intelligence at scale
Web app that provides basic navigation and annotation of ATT&CK matrices
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
A FREE Windows C development course where we will learn the Win32API and reverse engineer each step utilizing IDA Free in both an x86 and x64 environment.
Cortex: a Powerful Observable Analysis and Active Response Engine
Cyber Analytics Repository
Scripts and a (future) library to improve users' interactions with the ATT&CK content
Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
🚨ATTENTION🚨 The NIST 800-53 mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
MITRE ATT&CK Website
Cortex Analyzers Repository
TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.
A python module for working with ATT&CK
OASIS TC Open Repository: Python APIs for STIX 2
STIX data representing MITRE ATT&CK
TAXII server implementation in Python from EclecticIQ
CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable reports more consistently and efficiently.
Suricata rules for network anomaly detection
OASIS TC Open Repository: Lightweight visualization for STIX 2.0 objects and relationships
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
Threat Intel Platform for T-POTs
OASIS TC Open Repository: TAXII 2 Server Library Written in Python
Top ATT&CK Techniques provides defenders with a systematic approach to prioritizing ATT&CK techniques.
A visualized overview of the Initial Access Broker (IAB) cybercrime landscape
OASIS TC Open Repository: Non-normative schemas and examples for STIX 2
OASIS TC Open Repository: TAXII 2 Client Library Written in Python
OASIS TC Open Repository: GitHub Pages site for STIX and TAXII
Finds related domains and IPv4 addresses for threat intelligence after Indicator-Intelligence collects static files.
Extracting Attack Behavior from Threat Reports
Further investigation into APT campaigns disclosed by private security firms and security agencies
🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
A collection of awesome frameworks, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about Security Orchestration, Automation and Response (SOAR).