threat

There are 15 repositories under threat topic.

• teler

  teler-sh / teler

  Real-time HTTP Intrusion Detection

  analyze-logsgogolangidsintrusionintrusion-detectionintrusion-detection-systemiocsloglog-analyzerlogsthreatthreat-analyzerthreat-huntingthreat-intelligencethreat-rules
  Language:Go 3064

• Yamato-Security / hayabusa

  Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  dfirthreathuntingwindowseventlogsrustsigmadetectionattackforensicsincidentresponsehayabusayamatosecuritycybersecurityincident-responsesecurity-automationthreat-hunting
  Language:Rust 2828

• activecm / rita-legacy

  Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

  analysisanalyticsbeaconbeacon-snifferbhisblueteambro-idsdgadnsdns-tunnelinglogsnetwork-trafficoffensive-countermeasuresritascanningsecuritythreat
  Language:Go 2515

• mandiant / ThreatPursuit-VM

  Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

  analyticscyberdata-sciencefireeyeintelligenceintelligence-analysismalwaremandiantthreatthreathuntingthreatintelligencevirtual-machine
  Language:PowerShell 1261
• intelmq

  certtools / intelmq

  IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

  cybersecuritythreatiocmalwarephishingcertcsirtintelligenceincident-responsealertsfeedsincidenthandlingautomationihappython
  Language:Python 1080

• toolswatch / vFeed

  The Correlated CVE Vulnerability And Threat Intelligence Database API

  cveovalthreat-intelligence-databasepythonvfeedcwecapecscapvulnerability-databasesvulnerability-detectionvulnerability-database-entryvulnerability-identificationthreatintelligence-gatheringexploitsvulnerabilityvulnerability-scannerscommon-vulnerability-exposurethreat-intelligencethreatintel
  Language:Python 941

• cyberark / SkyArk

  SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

  adminsattackerawsazurecloudcloud-securitypowershellprivilegessecurity-toolsthreat
  Language:PowerShell 885

• Yamato-Security / WELA-deprecated

  WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

  dfirloganalysisforensicsincidentresponsesigmawindowseventlogsthreathuntingtimeline
  Language:PowerShell 781

• TonyPhipps / SIEM

  SIEM Tactics, Techiques, and Procedures

  threathuntredbluepurpleteamincidentresponsebaselinemonitoranalysisscanlogforensicstriagereconthreat-huntingsecuritysocsiem
  Language:PowerShell 616

• manifoldfinance / defi-threat

  a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations on decentralized finance

  defithreatcvesolidityinfosecethereumerc20erc721defi-threatthreat-matrixsmart-contractsnftsadvisoriesblockchainevmsmart-contracts-auditkill-chain
  Language:JavaScript 490
• Meerkat

  TonyPhipps / Meerkat

  A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

  threathuntredbluepurpleteamincidentresponsebaselinemonitoranalysisscanlogforensicstriagereconthreat-huntingsecuritysocsiem
  Language:PowerShell 457

• TalEliyahu / Threat_Model_Examples

  A collection of real-world threat model examples across various technologies, providing practical insights into identifying and mitigating security risks.

  risk-assessmentthreatthreat-analysisthreat-modelingcybersecurity
  427

• EXP-Tools / threat-broadcast

  威胁情报播报

  broadcastcveprogrammingsafethreat
  Language:Python 384

• SupportIntelligence / Icewater

  16,432 Free Yara rules created by

  yaramalware-analysisclusterthreatdna
  Language:YARA 383
• cyberbro

  stanfrbd / cyberbro

  A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

  blueteamcyber-threat-intelligencecybersecuritydfirdockerhashincident-responseinfoseciocipinfoosintosint-pythonpythonsecuritysecurity-toolsthreatthreat-huntingthreat-intelligencevirustotal
  Language:HTML 349

• opencybersecurityalliance / kestrel-lang

  Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

  cybersecurityhacktoberfestlanguagesecuritysecurity-automationsecurity-toolsthreatthreat-huntingthreat-intelligencethreatintel
  Language:Python 311

• opencybersecurityalliance / stix-shifter

  This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

  hacktoberfestpythonstix2stixcybersecuritysecuritysecurity-automationsecurity-toolsthreatthreat-huntingthreat-intelligencethreatintelocsf
  Language:Python 241

• Aabyss-Team / Ban-Hacker-IP-Plan

  国内恶意IP封禁计划，还赛博空间一片朗朗乾坤

  ban-botban-hostsban-iphackerintelligenceiocmalicethreatthreat-intelligence
  240

• rastrea2r / rastrea2r

  Collecting & Hunting for IOCs with gusto and style

  threathuntingiocsecurity-tools
  Language:Python 237

• Patrowl / PatrowlHears

  PatrowlHears - Vulnerability Intelligence Center / Exploits

  apiautomationcpecvecvsscybersecurityexploitsexploits-scriptspatrowlsecopssocthreatthreat-huntingthreat-intelligencethreatintelvulnerabilitiesvulnerability-detectionvulnerability-identificationvulnerability-intelligencevulnerability-scanning
  Language:Python 163

• SoulSec / resource-threat-hunting

  Repository resource for threat hunter

  threatthreat-huntingthreat-intelligencethreatintel
  158

• Graylog2 / graylog-plugin-threatintel

  Graylog Processing Pipeline functions to enrich log messages with IoC information from threat intelligence databases

  graylogthreatotxwhois-informationabusegraylog-pluginthreatintelthreat-scorethreat-analysisspamhauswhoiswhois-lookup
  Language:Java 153

• docbleach / DocBleach

  :shower: Sanitising your documents, one threat at a time. — Content Disarm & Reconstruction Software

  security-toolsjavaofficepdfthreatcontent-disarm-reconstructsecurity
  Language:Java 152

• usnistgov / mobile-threat-catalogue

  NIST/NCCoE Mobile Threat Catalogue

  threatcataloguenistmobile
  Language:HTML 149

• yevh / TaaC-AI

  AI-driven Threat modeling-as-a-Code (TaaC-AI)

  application-securitydevsecopsgptgpt-3gpt-4secure-developmenttaacthreatthreat-modelingthreat-modeling-from-codethreat-modeling-toolthreat-modelsaillm-securityclaude-3mistral-7b
  Language:HTML 129

• ine-labs / ThreatSeeker

  ThreatSeeker: Threat Hunting via Windows Event Logs

  evtxlog-analysissysmonthreatthreat-detectionthreat-intelligencewindows
  Language:Python 120

• jymcheong / SysmonResources

  Consolidation of various resources related to Microsoft Sysmon & sample data/log

  sysmonthreatthreat-hunting
  Language:Python 110
• MonarcAppFO

  monarc-project / MonarcAppFO

  MONARC - Method for an Optimised aNAlysis of Risks by @NC3-LU

  risk-analysisgovernancecasessecuritymonarccybersecuritythreatvulnerabilitiesrisk-assessmentrisk-evaluationrisk-treatment
  Language:Shell 105

• CERTCC / Vulnerability-Data-Archive

  With the hope that someone finds the data useful, we used to periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

  certcvethreatthreat-analysisthreat-intelligencethreatintelvulnerabilityvulnerability-datavulnerability-notesvulnerability-report
  96

• CloudDefenseAI / falco_extended_rules

  Curating Falco rules with MITRE ATT&CK Matrix

  cloudsecuritydevopsdevsecopskuberentessecuritycnappcspmsecurity-toolsthreat-analysisvulnerability-detectionvulnerability-scannersfalcomalwarethreatthreat-modelingcontainer-securitykubernetes-securitymalware-analysisworkload-securityzero-day
  Language:Python 78

• rusakovichma / TicTaaC

  Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. Sugar-Free and Secure: no any external dependencies except for chart plotting are used

  threat-modelingthreat-modeling-toolapplication-securitythreat-modelsthreat-modeling-from-codethreat-modelthreatsecure-developmentappsecdevsecops
  Language:Java 62

• redrays-io / SAP-Threat-Modeling

  The SAP Threat Modeling Tool is an on-premises open-source web application designed to analyze and visualize connections between SAP systems, helping users identify security risks and vulnerabilities. With features like inputting SAP credentials, scanning for connections, and visualizing the network.

  modelingsapsecuritythreatthreat-modelingsap-security
  Language:HTML 47

• vc0RExor / Quick-Analysis

  Quick analysis focusing on most important of a Malware or a Threat

  quick-analysismalwarethreatresearch
  40

• MHaggis / app_splunk_sysmon_hunter

  Splunk App to assist Sysmon Threat Hunting

  sysmonsplunkthreat
  38

• EsreverWoW / ClassicThreatMeter

  A simple threat meter for WoW Classic (1.13.2)

  classicthreatthreat-meterwowwow-classic
  Language:Lua 37

• 3c7 / aptmap

  A map displaying threat actors from the misp-galaxy

  aptadvancedpersistentthreatintelligencemisp
  Language:TypeScript 33