mitre-attack

There are 60 repositories under mitre-attack topic.

• kubescape

  kubescape / kubescape

  Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.

  best-practicedevopskubernetesmitre-attacknsasecurityvulnerability-detection
  Language:Go 10401

• redcanaryco / atomic-red-team

  Small and highly portable detection tests based on MITRE's ATT&CK.

  mitremitre-attack
  Language:C 10101
• RedTeam-Tools

  A-poc / RedTeam-Tools

  Tools and Techniques for Red Team / Penetration Testing

  cheatsheetcybersecurityenumerationhackinglinuxmitre-attackpayloadpenetration-testingpentestpentest-toolsred-teamred-team-toolsredteamresourcessecurity-toolstoolswindows
  6249
• caldera

  mitre / caldera

  Automated Adversary Emulation Platform

  adversary-emulationcalderacybersecurityhackingmitremitre-attackmitre-corporationred-teamsecurity-automationsecurity-testing
  Language:Python 5815

• olafhartong / sysmon-modular

  A repository of sysmon configuration modules

  dfirmitre-attackmodularsecurity-toolssysmonthreat-hunting
  Language:PowerShell 2709

• sbousseaden / EVTX-ATTACK-SAMPLES

  Windows Events Attack Samples

  datasetdetection-engineeringdfirevtxmitre-attackthreat-huntingwindows-securitywinlogbeat
  Language:HTML 2295

• mitre-attack / attack-navigator

  Web app that provides basic navigation and annotation of ATT&CK matrices

  cticyber-threat-intelligencecybersecuritymitre-attackmitre-corporation
  Language:TypeScript 2049
• Certified-Kubernetes-Security-Specialist

  walidshaari / Certified-Kubernetes-Security-Specialist

  Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

  apparmorcertificationcksckssexam-objectivesfalcokernel-hardeningkube-benchkube-hunterkuberneteskubernetes-securitymitre-attackopen-policy-agentos-footprintpodpod-security-policypolicyseccompsecuritytrivy
  Language:AGS Script 2018

• DataDog / stratus-red-team

  :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

  awsadversary-emulationpurple-teammitre-attackcloud-securitycloud-native-securitydetection-engineeringthreat-detectionsecurityaws-securityazure-securitykubernetes-securitygcp-security
  Language:Go 1898
• Shuffle

  Shuffle / Shuffle

  Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

  agplv3automationcybersecuritydiscordhacktoberfestintegrationsmitre-attackopenapiorchestrationorchestratororchestrator-guisecuritysecurity-automationsecurity-orchestratorshufflesoarworkflow-editor
  Language:Shell 1808

• center-for-threat-informed-defense / adversary_emulation_library

  An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

  adversary-emulationadversary-emulation-plansctidcyber-threat-intelligencecybersecuritymitre-attackred-teamthreat-informed-defense
  Language:C 1792
• Digital-Forensics-Guide

  mikeroyal / Digital-Forensics-Guide

  Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

  digitalforensicsdigitalforensicreadinessforensicssecurityforensics-toolsdigital-forensicsthreat-intelligenceintrusion-detectionmitre-attackdetection-engineeringnetwork-securityoffensive-securitycyber-securityport-scanningsiemalertingforensic-analysisforensics-investigationsosintdfir
  Language:Python 1726
• Incident-Playbook

  austinsonger / Incident-Playbook

  GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

  catalogcontributions-welcomecontributors-welcomecybersecuritycybersecurity-playbookincident-managementincident-responseincidentsmitremitre-attackplaybook
  1428

• cyb3rxp / awesome-soc

  A collection of sources of documentation, as well as field best practices, to build/run a SOC

  architecturecertcsirtdetectionincident-responsemanagementmitre-attackpurpleteamrisk-managementsiemsirpsoasoarsoctipttp
  1304
• BLUESPAWN

  ION28 / BLUESPAWN

  An Active Defense and EDR software to empower Blue Teams

  active-defenseanti-virusblue-teamedrmitre-attacksecuritysecurity-toolsthreat-huntingwindows
  Language:C++ 1249

• olafhartong / ThreatHunting

  A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

  dfirmitre-attacksplunkthreat-hunting
  1142
• sentinel-attack

  netevert / sentinel-attack

  Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

  azureazure-sentinelblue-teamcybersecuritydetectionkqlloggingmitre-attacksecurity-toolssiemsysmonsysmon-configterraform-azurethreat-huntingworkbooks
  1062

• nshalabi / ATTACK-Tools

  Utilities for MITRE™ ATT&CK

  mitre-attackmitreadversary-emulationredteamingredteam
  Language:HTML 1015
• atomic-threat-coverage

  atc-project / atomic-threat-coverage

  Actionable analytics designed to combat threats

  incidentresponsemitre-attackthreat-modelthreatdetectionthreathuntingthreatintelligence
  Language:Python 977
• Open-Source-Security-Guide

  mikeroyal / Open-Source-Security-Guide

  Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

  vulnerabilitiesvulnerability-detectionprivacy-protectionpentestersnetwork-analysisintrusion-detectioninfosecincident-managementmitre-attackdetection-engineeringkali-linuxoffensive-securityinformation-securitysiemcompliancecyber-securityscanning-toolincident-responseforensics-toolssurveillance
  Language:Go 941

• DataDog / KubeHound

  Tool for building Kubernetes attack paths

  adversary-emulationattack-graphattack-pathscloud-native-securityexploitkuberneteskubernetes-securitymitre-attackpurple-teamred-teamsecurity-auditsecurity-automationsecurity-tools
  Language:Go 813

• ion-storm / sysmon-config

  Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

  sysmonthreatintelthreat-huntingnetsecsysinternalslogginggrayloggraylog-plugindfirthreat-intelligencethreat-sharingthreat-analysismitre-attackdigitalforensicsforensic-analysisforensicartifactsforensicssiemsigma-ruleshumio
  Language:PowerShell 788

• bfuzzy / auditd-attack

  A Linux Auditd rule set mapped to MITRE's Attack Framework

  attack-detectionauditdlinuxmitre-attackthreat-hunting
  778
• atc-react

  atc-project / atc-react

  A knowledge base of actionable Incident Response techniques

  amittdfirincident-responsemitre-attackresponse-playbooksthehive
  Language:Python 628

• mitre-attack / attack-scripts

  Scripts and a (future) library to improve users' interactions with the ATT&CK content

  cticyber-threat-intelligencecybersecuritymitre-attackmitre-corporationpython
  Language:Python 585

• center-for-threat-informed-defense / attack-flow

  Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.

  ctidcyber-threat-intelligencecybersecuritymitre-attackthreat-informed-defense
  Language:TypeScript 574

• mdecrevoisier / EVTX-to-MITRE-Attack

  Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.

  evtxmitre-attackredteamsiemthreat-hunting
  545

• mitre-attack / attack-website

  MITRE ATT&CK Website

  cticyber-threat-intelligencecybersecuritymitre-attackmitre-corporation
  Language:HTML 503

• mitre-attack / mitreattack-python

  A python module for working with ATT&CK

  cticyber-threat-intelligencecybersecuritymitre-attackmitre-corporationpython
  Language:Python 501

• center-for-threat-informed-defense / attack-control-framework-mappings

  🚨ATTENTION🚨 The NIST 800-53 mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

  ctictidcyber-threat-intelligencecybersecuritymitre-attacknist800-53risk-managementsecurity-controlsthreat-informed-defense
  Language:Python 488

• center-for-threat-informed-defense / tram

  TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.

  ctidcyber-threat-intelligencecybersecuritymitre-attackthreat-informed-defense
  Language:Jupyter Notebook 464

• SlimKQL / Hunting-Queries-Detection-Rules

  KQL Queries. Microsoft Defender, Microsoft Sentinel

  azuredefenderdefenderxdrkqlmicrosoftmitre-attacksentinelthreatdetectionthreathunting
  Language:HTML 420

• OpenCTI-Platform / connectors

  OpenCTI Connectors

  cybersecurityctithreat-intelligencemispmitre-attack
  Language:Python 405

• center-for-threat-informed-defense / security-stack-mappings

  🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

  awsazurecloudgcpmitre-attacksecurity
  Language:Python 379

• sbousseaden / PCAP-ATTACK

  PCAP Samples for Different Post Exploitation Techniques

  detectionmitre-attackpcap-filespcapngthreat-hunting
  351

• olafhartong / ATTACKdatamap

  A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

  dfirmitre-attacksiemthreat-detectionthreat-hunting
  Language:PowerShell 350