threathunting

There are 11 repositories under threathunting topic.

• IntelOwl

  intelowlproject / IntelOwl

  IntelOwl: manage your Threat Intelligence at scale

  cyber-securitycyber-threat-intelligencecybersecuritydfirenrichmenthacktoberfesthoneynetincident-responseintel-owliocmalware-analysismalware-analyzerosintosint-pythonpythonsecurity-toolsthreat-huntingthreat-intelligencethreathuntingthreatintel
  Language:Python 4313

• alexandreborges / malwoverview

  Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest, VxExchange and IPInfo, and it is also able to scan Android devices against VT.

  malwarevirustotalmalpediaurlhausalienvaultmalsharethreathuntingmalwarebazaarthreatfoxcybersecuritymalware-analysisthreat-huntingthreatintelligencetriage
  Language:Python 3409

• mandiant / ThreatPursuit-VM

  Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

  cyberthreatthreatintelligencethreathuntingintelligenceintelligence-analysisdata-scienceanalyticsmalwarevirtual-machinemandiantfireeye
  Language:PowerShell 1285
• atomic-threat-coverage

  atc-project / atomic-threat-coverage

  Actionable analytics designed to combat threats

  incidentresponsemitre-attackthreat-modelthreatdetectionthreathuntingthreatintelligence
  Language:Python 999
• AzureHunter

  darkquasar / AzureHunter

  A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365

  azforensicsazureazure-forensicsazuresearchercloud-forensicscybersecuritydfirdigital-forensicsincident-responsepowershellv5threat-huntingthreathuntingunifiedauditlog
  Language:PowerShell 787

• SlimKQL / Hunting-Queries-Detection-Rules

  KQL Queries. Microsoft Defender, Microsoft Sentinel

  azuredefenderxdrkqlsentinelthreatdetectiondefendermicrosoftmitre-attackthreathunting
  Language:JavaScript 743
• tenzir

  tenzir / tenzir

  Tenzir is the data pipeline engine for security teams.

  incident-responsethreathuntingsiemsocsecuritydataopsinvestigationpcapsecdataopsnetflowsuricatazeekpipelinessigmahacktoberfest
  Language:C++ 703
• ThreatHunting-Keywords

  mthcht / ThreatHunting-Keywords

  Awesome list of keywords and artifacts for Threat Hunting sessions

  awesome-listblueteamdetection-engineeringdfirelk-stackendpoint-securityforensichacktoolsincident-responseiocsoffensive-scriptsoffensive-securityredteamsiemsocsplunkthreat-huntingthreat-intelligencethreathuntingyara-rules
  Language:PowerShell 604
• MDATP

  alexverboon / MDATP

  MDATP

  blogsdefender-for-endpointdefender-for-identitykqllearningmicrosoft-defender-xdrthreathuntingdefender-for-cloud-appsdefender-for-office-365
  Language:PowerShell 460

• GACWR / OpenUBA

  A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]

  uebadatasciencecybersecurityanalyticsthreathuntingtensorflowsparkflaskinformation-securitysiemanomaly-detectionubasklearnsecurityelkelasticsearchmachine-learningnodejsuser-behaviourreact
  Language:Python 449

• Kirtar22 / Litmus_Test

  Detecting ATT&CK techniques & tactics for Linux

  blue-teamdefensive-securityincident-responselinux-huntingmitre-attackred-teamsecurity-operationsthreathunting
  Language:Roff 258

• AbdulRhmanAlfaifi / Fennec

  Artifact collection tool for *nix systems

  dfirrustirthreathuntingblueteam
  Language:Rust 210
• Purpleteam

  mthcht / Purpleteam

  Purpleteam scripts simulation & Detection - trigger events for SOC detections

  blueteamdetectionlinuxmitre-attackoffensive-scriptspurpleteamredteamsecuritysiemsimulationsoctacticstechniqueswindowsawesomeawesome-listiocthreat-huntingthreathuntingdetection-engineering
  Language:PowerShell 190

• UncoderIO / Uncoder_IO

  An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.

  datalakeedrrootasiemsigmathreathuntingtranslationuncoderuncoderioxdr
  Language:Python 158

• Viralmaniar / MurMurHash

  This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

  redteamblueteamphishingphishing-detectioncybersecurityinfosecsecurity-toolsredteamingthreathuntingthreat-intelligencethreatintelthreatintelligenceproactive-securitymurmurhashmurmurhash3blueteamingpurpleteam
  Language:Python 117

• alt3kx / wafaray

  Enhance your malware detection with WAF + YARA (WAFARAY)

  blueteamblueteamingpentestingsecurity-toolsthreat-intelligencethreathuntingwafyarayara-rules
  Language:Shell 109

• Truvis / SplunkDashboards

  Collection of Dashboards for Threat Hunting and more!

  splunksplunk-applicationsplunk-enterprisesplunk-addonsplunk-httpsplunk-impact-cloudsplunk-alertsdashboarddashboardsdashboard-templatesdashboard-applicationdashboard-widgetthreat-intelligencethreathuntingthreat-huntingthreatintelauditauditingaudit-logssuricata
  69

• csirtgadgets / cif-v5

  The FASTEST way to consume threat intel.

  cifcsirtgthreathuntingthreatintel
  Language:Python 68
• ThreatHunting-Keywords-sigma-rules

  mthcht / ThreatHunting-Keywords-sigma-rules

  Sigma detection rules for hunting with the threathunting-keywords project

  blueteamdetection-engineeringdetection-rulessiemsigma-rulesthreat-detectionthreat-huntingthreathuntingdfirforensicartifactsmitre-attack
  Language:Python 56

• 0xAnalyst / Sysmon

  Sysmon config for both Windows and Linux Devices. Windows one is a bit dated

  sysmon-configthreathunting
  Language:Batchfile 55

• svch0stz / TheThreatHuntLibrary

  Library of threat hunts to get any user started!

  huntingmitrehypothesisthreat-huntingthreathuntingcybersecurity
  Language:Python 45
• HackLab

  victorpreston / HackLab

  Welcome to HackLab, your go-to resource for hands-on cybersecurity projects. This repository is a collection of step-by-step projects designed to enhance your understanding of various cybersecurity concepts, techniques, and tools.

  cyber-securitycybersecurityhackhackinghacking-toolskeyloggernetworknetwork-securityoffensive-scriptspasswordpythonpython-hackingpython3threathuntingwifi
  Language:Python 37

• HellishPn / Volatility-MM-CS

  Volatility MindMap & Cheat Sheet

  volatilityforensicsbluteamthreathuntingincident-response-toolingmindmapcheatsheet
  29

• eremit4 / Akamaru

  Sniffing out well-known threat groups

  apt-groupsctipythonransomware-resourcesthreat-huntingthreat-intelligencehuntingmitre-attacksentinelonethreathuntingthreatintelmitre-attack-dbransomlook
  Language:Python 28

• stvetro / HuntWithChatGPT

  Tiny proof-of-concept PowerShell script to do threat hunting using ChatGPT (text-davinci-003)

  chatgptdfirforensicsirpowershellthreathunting
  Language:PowerShell 28

• ecstatic-nobel / Aisle25

  Detect leaks in security event logs.

  cyberdata-leakdfirentropyinfosecpassword-dumpprotected-event-loggingpythonsplunkthreathuntingwindows-security
  Language:Python 20

• TheCyberArcher / SOC-Ressources

  Repository for SOC analysts, queries to investigate, advanced hunting, sites for analysis, malware samples, courses to improve skills, IOC and monitoring.

  cybersecuritycyberdefenseedrsiemsocthreathuntingsocanalyst
  17

• 00gxd14g / misp-extractor

  This is a simple Python script that connects to a MISP instance and retrieves attributes of specific types (such as IP addresses, URLs, and hashes). The retrieved attributes are then written to separate files.

  blueteamcyberintelligencecybersecurityintelligencemispthreathunting
  Language:Python 16

• elceef / yara-rulz

  Collection of generic YARA rules

  threathuntingyara
  Language:YARA 16

• BenjiTrapp / aws-threat-hunting

  Short deep dive into Threat Hunting on AWS

  awscloudtraildetection-engineeringjupyter-notebookthreathunting
  Language:Jupyter Notebook 13

• ManuelBerrueta / BST

  🏴‍☠️ BST is an ever-evolving collection of 🛠 tools to help in security and administration tasks 😉

  securityoffensivesecurityoffensive-securityazuredfirincident-responseredteamredteam-toolsredteamingthreat-huntingthreathuntingapplicationsecurityappseccontainerskubernetesblueteamcloud
  Language:Python 11

• TeMiroYteHasheo / The-Hunters-Framework

  Project to Support The Hunter's Framework (THF)

  threathuntingthreat-huntingthreat-detectionthfcybersecuritycybersecurity-education
  11

• N3tworkSec / N3tstatIDS

  Lightweight Endpoint Detection & Response (EDR) Framework

  n3tstat-idsedrbeacon-analysisthreathuntingaptbeacon-huntingapt-detectionmalwaredetection
  9

• Richard1611 / RemoteKapeTriage

  A powershell tool that automate the remote forensic evidence adquisitions (triage) from Remote windows machines, using KAPE tool.

  powershellpowershell-scriptforensicsincident-responseforensic-analysisthreathuntingkapetriagecybersecurityinformation-securityinformation-gathering
  Language:PowerShell 8

• buzzer-re / DeepSecurity-2-ATTCK

  Pull your DS rules and build a ATT&CK matrix

  mitre-attackthreathuntingblueteamdeep-security
  Language:Python 7

• xFFninja / happy_threat_hunting

  Threat Hunting

  detectionkqlsiemsigma-rulesthreathunting
  6