mitre-attack

There are 65 repositories under mitre-attack topic.

• redcanaryco / atomic-red-team

  Small and highly portable detection tests based on MITRE's ATT&CK.

  mitremitre-attack
  Language:C 11178
• kubescape

  kubescape / kubescape

  Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.

  best-practicedevopskubernetesmitre-attacknsasecurityvulnerability-detection
  Language:Go 11045
• RedTeam-Tools

  A-poc / RedTeam-Tools

  Tools and Techniques for Red Team / Penetration Testing

  cheatsheetcybersecurityhackingpenetration-testingred-teamsecurity-toolslinuxresourcestoolswindowsenumerationpayloadpentestpentest-toolsred-team-toolsmitre-attackredteam
  7705
• caldera

  mitre / caldera

  Automated Adversary Emulation Platform

  adversary-emulationcalderasecurity-automationred-teammitremitre-attacksecurity-testingmitre-corporationcybersecurityhackinghacktoberfest
  Language:Python 6527

• olafhartong / sysmon-modular

  A repository of sysmon configuration modules

  sysmondfirthreat-huntingmitre-attackmodularsecurity-tools
  Language:PowerShell 2895

• sbousseaden / EVTX-ATTACK-SAMPLES

  Windows Events Attack Samples

  datasetdetection-engineeringdfirevtxmitre-attackthreat-huntingwindows-securitywinlogbeat
  Language:HTML 2441
• Digital-Forensics-Guide

  mikeroyal / Digital-Forensics-Guide

  Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

  digitalforensicsdigitalforensicreadinessforensicssecurityforensics-toolsdigital-forensicsthreat-intelligenceintrusion-detectionmitre-attackdetection-engineeringnetwork-securityoffensive-securitycyber-securityport-scanningsiemalertingforensic-analysisforensics-investigationsosintdfir
  Language:Python 2315

• mitre-attack / attack-navigator

  Web app that provides basic navigation and annotation of ATT&CK matrices

  cticyber-threat-intelligencecybersecuritymitre-attackmitre-corporation
  Language:TypeScript 2250

• DataDog / stratus-red-team

  :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

  awsadversary-emulationpurple-teammitre-attackcloud-securitycloud-native-securitydetection-engineeringthreat-detectionsecurityaws-securityazure-securitykubernetes-securitygcp-security
  Language:Go 2186
• Shuffle

  Shuffle / Shuffle

  Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

  automationcybersecuritydiscordintegrationsmitre-attackopenapiorchestrationorchestratororchestrator-guisecuritysecurity-automationsecurity-orchestratorshufflesoarworkflow-editor
  Language:Shell 2100
• Certified-Kubernetes-Security-Specialist

  walidshaari / Certified-Kubernetes-Security-Specialist

  Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

  kubernetes-securitykubernetesckscksskernel-hardeningexam-objectivesos-footprintsecurityseccompapparmorfalcokube-hunterkube-benchtrivypodcertificationpolicymitre-attackpod-security-policyopen-policy-agent
  Language:AGS Script 2084

• center-for-threat-informed-defense / adversary_emulation_library

  An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

  adversary-emulationadversary-emulation-plansctidcyber-threat-intelligencecybersecuritymitre-attackred-teamthreat-informed-defense
  Language:C 2027

• cyb3rxp / awesome-soc

  A collection of sources of documentation, as well as field best practices, to build/run a SOC

  architecturecertcsirtdetectionincident-responsemanagementmitre-attackpurpleteamrisk-managementsiemsirpsoasoarsoctipttp
  1546
• Incident-Playbook

  austinsonger / Incident-Playbook

  GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

  cybersecurityplaybookcybersecurity-playbookincident-responseincident-managementincidentsmitre-attackmitrecontributions-welcomecontributors-welcomecatalog
  1517
• BLUESPAWN

  ION28 / BLUESPAWN

  An Active Defense and EDR software to empower Blue Teams

  active-defensewindowssecuritysecurity-toolsblue-teammitre-attackanti-virusedrthreat-hunting
  Language:C++ 1306

• olafhartong / ThreatHunting

  A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

  splunkmitre-attackthreat-huntingdfir
  1169
• sentinel-attack

  netevert / sentinel-attack

  Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

  siemthreat-huntingazure-sentinelmitre-attacksysmonsysmon-configazureblue-teamcybersecurityloggingsecurity-toolsdetectionkqlworkbooksterraform-azure
  1073

• nshalabi / ATTACK-Tools

  Utilities for MITRE™ ATT&CK

  adversary-emulationmitremitre-attackredteamredteaming
  Language:HTML 1043
• Open-Source-Security-Guide

  mikeroyal / Open-Source-Security-Guide

  Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  compliancecyber-securitydetection-engineeringforensics-toolsincident-managementincident-responseinformation-securityinfosecintrusion-detectionkali-linuxmitre-attacknetwork-analysisoffensive-securitypentestersprivacy-protectionscanning-toolsiemsurveillancevulnerabilitiesvulnerability-detection
  Language:Go 1021
• atomic-threat-coverage

  atc-project / atomic-threat-coverage

  Actionable analytics designed to combat threats

  incidentresponsemitre-attackthreat-modelthreatdetectionthreathuntingthreatintelligence
  Language:Python 1004

• DataDog / KubeHound

  Tool for building Kubernetes attack paths

  adversary-emulationattack-graphattack-pathscloud-native-securityexploitkuberneteskubernetes-securitymitre-attackpurple-teamred-teamsecurity-auditsecurity-automationsecurity-tools
  Language:Go 921

• bfuzzy / auditd-attack

  A Linux Auditd rule set mapped to MITRE's Attack Framework

  auditdattack-detectionmitre-attackthreat-huntinglinux
  814

• ion-storm / sysmon-config

  Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

  dfirdigitalforensicsforensic-analysisforensicartifactsforensicsgrayloggraylog-pluginhumiologgingmitre-attacknetsecsiemsigma-rulessysinternalssysmonthreat-analysisthreat-huntingthreat-intelligencethreat-sharingthreatintel
  Language:PowerShell 812

• SlimKQL / Hunting-Queries-Detection-Rules

  KQL Queries. Microsoft Defender, Microsoft Sentinel

  azuredefenderdefenderxdrkqlmicrosoftmitre-attacksentinelthreatdetectionthreathunting
  Language:JavaScript 774

• center-for-threat-informed-defense / attack-flow

  Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.

  cybersecurityctidmitre-attackcyber-threat-intelligencethreat-informed-defense
  Language:TypeScript 694
• atc-react

  atc-project / atc-react

  A knowledge base of actionable Incident Response techniques

  amittdfirincident-responsemitre-attackresponse-playbooksthehive
  Language:Python 650

• mitre-attack / mitreattack-python

  A python module for working with ATT&CK

  cticyber-threat-intelligencecybersecuritymitre-attackmitre-corporationpython
  Language:HTML 620

• mdecrevoisier / EVTX-to-MITRE-Attack

  Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.

  evtxmitre-attackredteamsiemthreat-hunting
  593

• mitre-attack / attack-scripts

  Scripts and a (future) library to improve users' interactions with the ATT&CK content

  cticyber-threat-intelligencecybersecuritymitre-attackmitre-corporationpython
  Language:Python 585

• mitre-attack / attack-website

  MITRE ATT&CK Website

  cticyber-threat-intelligencecybersecuritymitre-attackmitre-corporation
  Language:HTML 550

• center-for-threat-informed-defense / tram

  TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.

  ctidcyber-threat-intelligencecybersecuritymitre-attackthreat-informed-defense
  Language:Jupyter Notebook 525
• tailpipe

  turbot / tailpipe

  select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, right from your terminal.

  awsazuredetectionsdevopsduckdbforensicsgcpincident-responselog-analysismitre-attackopen-sourceparquetsiemtailpipethreat-detection
  Language:Go 515

• center-for-threat-informed-defense / attack-control-framework-mappings

  🚨ATTENTION🚨 The NIST 800-53 mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

  cticyber-threat-intelligencemitre-attackcybersecuritynist800-53security-controlsctidthreat-informed-defenserisk-management
  Language:Python 497

• OpenCTI-Platform / connectors

  OpenCTI Connectors

  cybersecurityctithreat-intelligencemispmitre-attack
  Language:Python 485

• mdecrevoisier / SIGMA-detection-rules

  Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactic and techniques

  sigmawindowsmitre-attackthreat-huntingpowershell
  392

• center-for-threat-informed-defense / security-stack-mappings

  🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

  mitre-attackcloudawsazuresecuritygcp
  Language:Python 389