threathunting

There are 9 repositories under threathunting topic.

• IntelOwl

  intelowlproject / IntelOwl

  IntelOwl: manage your Threat Intelligence at scale

  security-toolspythonthreat-intelligenceiocincident-responsecyber-threat-intelligenceenrichmenthoneynetosintosint-pythonthreatintelmalware-analysismalware-analyzerintel-owlthreat-huntinghacktoberfestcyber-securitycybersecuritythreathuntingdfir
  Language:Python 3139

• alexandreborges / malwoverview

  Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

  malwarevirustotalmalpediaurlhausalienvaultmalsharethreathuntingmalwarebazaarthreatfoxcybersecuritymalware-analysisthreat-huntingthreatintelligencetriage
  Language:Python 2734

• mandiant / ThreatPursuit-VM

  Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

  cyberthreatthreatintelligencethreathuntingintelligenceintelligence-analysisdata-scienceanalyticsmalwarevirtual-machinemandiantfireeye
  Language:PowerShell 1196
• atomic-threat-coverage

  atc-project / atomic-threat-coverage

  Actionable analytics designed to combat threats

  mitre-attackthreat-modelthreathuntingincidentresponsethreatintelligencethreatdetection
  Language:Python 947
• AzureHunter

  darkquasar / AzureHunter

  A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365

  azuredigital-forensicscloud-forensicscybersecurityazuresearcherazforensicsthreat-huntingthreathuntingincident-responseunifiedauditlogdfirpowershellv5azure-forensics
  Language:PowerShell 762
• tenzir

  tenzir / tenzir

  Open source security data pipelines.

  incident-responsethreathuntingsiemsocsecuritydataopsinvestigationpcapsecdataopsnetflowsuricatazeekpipelinessigma
  Language:C++ 616
• MDATP

  alexverboon / MDATP

  Microsoft Defender XDR - Resource Hub

  blogsdefender-for-endpointdefender-for-identitykqllearningmicrosoft-defender-xdrthreathuntingdefender-for-cloud-appsdefender-for-office-365
  Language:PowerShell 444

• GACWR / OpenUBA

  A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]

  uebadatasciencecybersecurityanalyticsthreathuntingtensorflowsparkflaskinformation-securitysiemanomaly-detectionubasklearnsecurityelkelasticsearchmachine-learningnodejsuser-behaviourreact
  Language:Python 355
• ThreatHunting-Keywords

  mthcht / ThreatHunting-Keywords

  Awesome list of keywords and artifacts for Threat Hunting sessions

  awesome-listblueteamdetection-engineeringendpoint-securityiocsoffensive-scriptsoffensive-securityredteamsiemsocsplunkthreat-huntingthreat-intelligencethreathuntingdfirincident-responseforensichacktoolssigma-ruleselk-stack
  Language:HTML 346

• Kirtar22 / Litmus_Test

  Detecting ATT&CK techniques & tactics for Linux

  mitre-attackthreathuntinglinux-huntingincident-responsesecurity-operationsdefensive-securityblue-teamred-team
  Language:Roff 251

• AbdulRhmanAlfaifi / Fennec

  Artifact collection tool for *nix systems

  dfirrustirthreathuntingblueteam
  Language:Rust 181
• Purpleteam

  mthcht / Purpleteam

  Purpleteam scripts simulation & Detection - trigger events for SOC detections

  blueteamdetectionlinuxmitre-attackoffensive-scriptspurpleteamredteamsecuritysiemsimulationsoctacticstechniqueswindowsawesomeawesome-listiocthreat-huntingthreathuntingdetection-engineering
  Language:PowerShell 123

• Viralmaniar / MurMurHash

  This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

  redteamblueteamphishingphishing-detectioncybersecurityinfosecsecurity-toolsredteamingthreathuntingthreat-intelligencethreatintelthreatintelligenceproactive-securitymurmurhashmurmurhash3blueteamingpurpleteam
  Language:Python 111

• UncoderIO / Uncoder_IO

  An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.

  datalakeedrrootasiemsigmathreathuntingtranslationxdruncoderuncoderio
  Language:Python 106

• alt3kx / wafaray

  Enhance your malware detection with WAF + YARA (WAFARAY)

  blueteamblueteamingpentestingsecurity-toolsthreat-intelligencethreathuntingwafyarayara-rules
  Language:Shell 105

• csirtgadgets / cif-v5

  The FASTEST way to consume threat intel.

  cifthreatintelthreathuntingcsirtg
  Language:Python 61

• Truvis / SplunkDashboards

  Collection of Dashboards for Threat Hunting and more!

  splunksplunk-applicationsplunk-enterprisesplunk-addonsplunk-httpsplunk-impact-cloudsplunk-alertsdashboarddashboardsdashboard-templatesdashboard-applicationdashboard-widgetthreat-intelligencethreathuntingthreat-huntingthreatintelauditauditingaudit-logssuricata
  50
• ThreatHunting-Keywords-sigma-rules

  mthcht / ThreatHunting-Keywords-sigma-rules

  Sigma detection rules for hunting with the threathunting-keywords project

  blueteamdetection-engineeringdetection-rulessiemsigma-rulesthreat-detectionthreat-huntingthreathuntingdfirforensicartifactsmitre-attack
  Language:Python 40

• svch0stz / TheThreatHuntLibrary

  Library of threat hunts to get any user started!

  huntingmitrehypothesisthreat-huntingthreathuntingcybersecurity
  Language:Python 39

• HellishPn / Volatility-MM-CS

  Volatility MindMap & Cheat Sheet

  volatilityforensicsbluteamthreathuntingincident-response-toolingmindmapcheatsheet
  29
• HackLab

  victorpreston / HackLab

  Welcome to HackLab, your go-to resource for hands-on cybersecurity projects. This repository is a collection of step-by-step projects designed to enhance your understanding of various cybersecurity concepts, techniques, and tools.

  cyber-securitycybersecurityhackhackinghacking-toolskeyloggernetworknetwork-securityoffensive-scriptspasswordpythonpython-hackingpython3threathuntingwifi
  Language:Python 29

• eremit4 / Akamaru

  Sniffing out well-known threat groups

  apt-groupsctipythonransomware-resourcesthreat-huntingthreat-intelligencehuntingmitre-attacksentinelonethreathuntingthreatintelmitre-attack-dbransomlook
  Language:Python 28

• stvetro / HuntWithChatGPT

  Tiny proof-of-concept PowerShell script to do threat hunting using ChatGPT (text-davinci-003)

  chatgptdfirforensicsirpowershellthreathunting
  Language:PowerShell 28

• ecstatic-nobel / Aisle25

  Detect leaks in security event logs.

  splunkcyberinfosecthreathuntingpassword-dumpdfirentropywindows-securityprotected-event-loggingpythondata-leak
  Language:Python 18

• 00gxd14g / misp-extractor

  This is a simple Python script that connects to a MISP instance and retrieves attributes of specific types (such as IP addresses, URLs, and hashes). The retrieved attributes are then written to separate files.

  blueteamcyberintelligencecybersecurityintelligencemispthreathunting
  Language:Python 16

• elceef / yara-rulz

  Collection of generic YARA rules

  threathuntingyara
  Language:YARA 14

• CertAcademico / IncidentResponseTool

  Kit de herramientas para atender un incidente de Ciberseguridad y elementos claves para poder gestionar y analizar artefactos basados en una intrusión informática.

  certciberseguridadcsirtctidfirincidentresponsethreathuntingnavajasuizarespuesta-incidentes
  12

• TeMiroYteHasheo / The-Hunters-Framework

  Project to Support The Hunter's Framework (THF)

  threathuntingthreat-huntingthreat-detectionthfcybersecuritycybersecurity-education
  11

• ManuelBerrueta / BST

  🏴‍☠️ BST is an ever-evolving collection of 🛠 tools to help in security and administration day to day tasks 😉

  applicationsecurityappsecazureblueteamcloudcontainersdfirincident-responsekubernetesoffensive-securityoffensivesecurityredteamredteam-toolsredteamingsecuritythreat-huntingthreathunting
  Language:Python 9

• N3tworkSec / N3tstatIDS

  Lightweight Endpoint Detection & Response (EDR) Framework

  n3tstat-idsedrbeacon-analysisthreathuntingaptbeacon-huntingapt-detectionmalwaredetection
  9

• buzzer-re / DeepSecurity-2-ATTCK

  Pull your DS rules and build a ATT&CK matrix

  mitre-attackthreathuntingblueteamdeep-security
  Language:Python 7

• Richard1611 / RemoteKapeTriage

  A powershell tool that automate the remote forensic evidence adquisitions (triage) from Remote windows machines, using KAPE tool.

  powershellpowershell-scriptforensicsincident-responseforensic-analysisthreathuntingkapetriagecybersecurityinformation-securityinformation-gathering
  Language:PowerShell 7

• BenjiTrapp / aws-threat-hunting

  Short deep dive into Threat Hunting on AWS

  awscloudtraildetection-engineeringjupyter-notebookthreathunting
  Language:Jupyter Notebook 6

• xFFninja / happy_threat_hunting

  Threat Hunting

  detectionkqlsiemsigma-rulesthreathunting
  6

• adamsmesher / hunterground

  Another Threat Hunting knowledge base :) based on MITRE ATT&CK Matrix

  mitre-attackthreat-huntingthreathunting
  4

• AndrewRathbun / BeaconHunter

  An updated fork of @3lp4tr0n's BeaconHunter. Detect and respond to Cobalt Strike beacons using ETW

  cobaltstrikedfirredteamthreathunting
  Language:C# 4