There are 101 repositories under threat-hunting topic.
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Sysmon configuration file template with default high-quality event tracing
Domain name permutation engine for detecting homograph phishing attacks, typosquatting, and brand impersonation
The Hunting ELK
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
A curated list of awesome threat detection and hunting resources
A curated list of awesome YARA rules, tools, and people.
A repository of sysmon configuration modules
Signature base for my scanner tools
Windows Events Attack Samples
Real-time HTTP Intrusion Detection
Rapidly Search and Hunt through Windows Event Logs
Your Everyday Threat Intelligence
Utilities for Sysmon
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
An Active Defense and EDR software to empower Blue Teams
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine.
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs to decrease the time needed to uncover suspicious activity
A Linux Auditd rule set mapped to the MITRE ATT&CK framework
A collection of resources for Threat Hunters - Sponsored by Falcon Guard
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Extract and aggregate threat intelligence.
FATT / fingerprintAllTheThings - a pyshark-based script for extracting network metadata and fingerprints from pcap files and live network traffic
Repository created to gather information, sources (websites/portals) and OSINT tricks within the Brazilian context.
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
19 customizable honeypots for monitoring network traffic, bot activities and username/password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and LDAP)
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions