Topic: threat-hunting Goto Github

Some thing interesting about threat-hunting

👇 Here are 538 public repositories matching this topic...

0x4d31 / awesome-threat-detection

threat-hunting,✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

User: 0x4d31

Home Page: https://0x4d31.github.io/awesome-threat-detection/

awesome awesome-list threat-hunting security detection threat-detection incident-response

0x4d31 / fatt

threat-hunting,FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

User: 0x4d31

fingerprinting honeypot metadata network python quic rdp security ssh threat-hunting tls tshark

0x783kb / security-operation-book

threat-hunting,常见的攻击行为监测特征及方法，涵盖端点和流量，未包含PowerShell和Sysmon。预祝运营生活愉快！

User: 0x783kb

Home Page: https://0x783kb.github.io/Security-Operation-Book/

threat-hunting attck security security-operation soc

0xrawsec / whids

threat-hunting,Open Source EDR for Windows

Organization: 0xrawsec

Home Page: https://rawsec.lu

dfir threat-hunting windows ids sysmon edr

a3sal0n / cyberthreathunting

threat-hunting,A collection of resources for Threat Hunters

User: a3sal0n

cybersecurity dfir incident-response threat-hunting threat-intelligence

threat-hunting,APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

User: ahmedkhlief

Home Page: https://shells.systems/introducing-apt-hunter-threat-hunting-tool-via-windows-event-log/

threat-hunting purpleteam python3 windows-eventlog apt-attacks incident-response forensic-analysis windows-event-logs

alexandreborges / malwoverview

threat-hunting,Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

User: alexandreborges

Home Page: https://github.com/alexandreborges/malwoverview

malware virustotal malpedia urlhaus alienvault malshare threathunting malwarebazaar threatfox cybersecurity

alvin-tosh / malware-exhibit

threat-hunting,🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.

User: alvin-tosh

cryptography cybersecurity encryption-decryption ethical-hacking infosec keylogger malware-analysis malware-research ransomware stealer-windows

atenreiro / opensquat

threat-hunting,The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.

User: atenreiro

Home Page: https://opensquat.com

threat-intelligence typosquatting cybersquatting phishing-detection phishing osint security-tools domain-squatting threat-hunting phishing-domains

bert-janp / hunting-queries-detection-rules

threat-hunting,KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

User: bert-janp

Home Page: https://kqlquery.com

azure defender-for-endpoint dfir kql sentinel threat-hunting vulnerability-management zero-day blueteam cybersecurity

bfuzzy / auditd-attack

threat-hunting,A Linux Auditd rule set mapped to MITRE's Attack Framework

User: bfuzzy

auditd attack-detection mitre-attack threat-hunting linux

blackorbird / apt_report

threat-hunting,Interesting APT Report Collection And Some Special IOC

User: blackorbird

apt cybersecurity malware security threat-hunting

curated-intel / ukraine-cyber-operations

threat-hunting,Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine.

Organization: curated-intel

Home Page: https://www.curatedintel.org/

ukraine osint cti threat-intelligence iocs threat-hunting yara malware

cyb3r-monk / threat-hunting-and-detection

threat-hunting,Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

User: cyb3r-monk

threat-hunting threat-detection cybersecurity defender-for-endpoint detection-engineering dfir kql kusto-language microsoft-sentinel

cyb3rward0g / helk

threat-hunting,The Hunting ELK

User: cyb3rward0g

docker dockerhub elastic elasticsearch elk elk-stack hunting hunting-platforms jupyter-notebook kibana logstash spark threat-hunting

darkquasar / azurehunter

threat-hunting,A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365

User: darkquasar

azforensics azure azure-forensics azuresearcher cloud-forensics cybersecurity dfir digital-forensics incident-response powershellv5 threat-hunting threathunting unifiedauditlog

deepfence / yarahunter

threat-hunting,🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

Organization: deepfence

Home Page: https://deepfence.io/

devsecops devsecops-best-practices devsecops-pipeline ioc malware threat-hunting yara yara-scanner ci-cd hacktoberfest

elceef / dnstwist

threat-hunting,Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

User: elceef

Home Page: https://dnstwist.it

phishing typosquatting domains dns osint idn fuzzing threat-hunting homograph-attack scanner

inquest / awesome-yara

threat-hunting,A curated list of awesome YARA rules, tools, and people.

Organization: inquest

yara-rules yara-signatures yara malware-rules malware-analysis malware-research malware-detection yara-scanner yara-manager threat-hunting awesome awesome-yara awesome-list ioc

inquest / threatingestor

threat-hunting,Extract and aggregate threat intelligence.

Organization: inquest

Home Page: https://inquest.readthedocs.io/projects/threatingestor/

ioc indicators-of-compromise threatintel threat-intelligence osint dfir malware-research security-tools threat-sharing threat-feeds

intelowlproject / intelowl

threat-hunting,IntelOwl: manage your Threat Intelligence at scale

Organization: intelowlproject

Home Page: https://intelowlproject.github.io

security-tools python threat-intelligence ioc incident-response cyber-threat-intelligence enrichment honeynet osint osint-python

ion28 / bluespawn

threat-hunting,An Active Defense and EDR software to empower Blue Teams

User: ion28

active-defense windows security security-tools blue-team mitre-attack anti-virus edr threat-hunting

kasperskylab / klara

threat-hunting,Kaspersky's GReAT KLara

Organization: kasperskylab

Home Page: https://great.kaspersky.com

yara-rules klara threat-intelligence threat-hunting

matanolabs / matano

threat-hunting,Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Organization: matanolabs

Home Page: https://matano.dev

aws cloud security big-data serverless apache-iceberg log-analytics log-management threat-hunting rust

misp / misp

threat-hunting,MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Organization: misp

Home Page: https://www.misp-project.org/

misp threat-sharing threat-hunting threatintel malware-analysis stix information-exchange fraud-management security cti

mthcht / awesome-lists

threat-hunting,Awesome Security lists for SOC/CERT/CTI

User: mthcht

blueteam hacktools redteam security soc awesome-list cti ioc blueteam-tools detection

neo23x0 / signature-base

threat-hunting,YARA signature and IOC database for my scanners and tools

User: neo23x0

signature yara-rules ioc scanner yara anti-virus hash threat-hunting threat-intelligence dfir

netevert / sentinel-attack

threat-hunting,Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

User: netevert

siem threat-hunting azure-sentinel mitre-attack sysmon sysmon-config azure blue-team cybersecurity logging

ninoseki / mihari

threat-hunting,A query aggregator for OSINT based threat hunting

User: ninoseki

Home Page: https://ninoseki.github.io/mihari/

threat-hunting threat-intelligence osint

nshalabi / sysmontools

threat-hunting,Utilities for Sysmon

User: nshalabi

sysmon threatintel sysinternals threat-hunting windows netsec monitoring logging threat-intelligence

oisf / suricata

threat-hunting,Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

Organization: oisf

Home Page: https://suricata.io

security ids ips nsm network-monitoring suricata intrusion-detection-system intrusion-prevention-system threat-hunting cybersecurity

olafhartong / sysmon-modular

threat-hunting,A repository of sysmon configuration modules

User: olafhartong

sysmon dfir threat-hunting mitre-attack modular security-tools

olafhartong / threathunting

threat-hunting,A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

User: olafhartong

splunk mitre-attack threat-hunting dfir

osintbrazuca / osint-brazuca

threat-hunting,Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

User: osintbrazuca

osint brasil hacking threat-intelligence threat-hunting threatintel

osintbrazuca / osint-brazuca-regex

threat-hunting,Repositório criado com intuito de reunir expressões regulares dentro do contexto Brasil

User: osintbrazuca

brasil brazil hacking osint regex threat-hunting threat-intelligence

otrf / threathunter-playbook

threat-hunting,A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

Organization: otrf

threat-hunting sysmon hunting-campaigns hypothesis hunting dfir hunter mitre-attack-db mitre

patrowl / patrowlmanager

threat-hunting,PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Organization: patrowl

Home Page: https://www.patrowl.io

automation orchestration secops patrowl incident-response api security-tools vulnerability-management security-automation security-scanner

qeeqbox / chameleon

threat-hunting,19 Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and ldap)

Organization: qeeqbox

proxy honeypot monitoring network credentials scan chameleon grafana-interface emulator honeypots

sbousseaden / evtx-attack-samples

threat-hunting,Windows Events Attack Samples

User: sbousseaden

Home Page: https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES

threat-hunting evtx windows-security mitre-attack detection-engineering dataset winlogbeat dfir

security-onion-solutions / securityonion

threat-hunting,Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

Organization: security-onion-solutions

Home Page: https://securityonion.net

case-management cyber-security endpoint-security information-security intrusion-detection-system monitoring network-security security security-tools threat-hunting

stamusnetworks / scirius

threat-hunting,Scirius is a web application for Suricata ruleset management and threat hunting.

Organization: stamusnetworks

python security management interface suricata signatures detection threat-hunting suricata-rules cybersecurity

stamusnetworks / selks

threat-hunting,A Suricata based IDS/IPS/NSM distro

Organization: stamusnetworks

Home Page: https://www.stamus-networks.com/open-source/#selks

suricata network security monitoring management ids ips linux distribution security-monitoring threat-hunting network-intrusion-detection network-security gui user-interface

swiftonsecurity / sysmon-config

threat-hunting,Sysmon configuration file template with default high-quality event tracing

User: swiftonsecurity

sysmon threatintel threat-hunting sysinternals windows netsec monitoring logging

t4d / stalkphish

threat-hunting,StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

User: t4d

phishing phishing-sites threat-intelligence threat-hunting threatintel fraud-detection osint investigation phishing-kit scammers infosec

teler-sh / teler

threat-hunting,Real-time HTTP Intrusion Detection

Organization: teler-sh

Home Page: https://teler.app

threat-hunting threat-intelligence ids intrusion-detection-system threat-analyzer go golang intrusion-detection intrusion threat

thalesgroup-cert / watcher

threat-hunting,Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

Organization: thalesgroup-cert

Home Page: https://thalesgroup-cert.github.io/Watcher

cybersecurity threat-hunting django reactjs rss-bridge misp thehive security incident-response threat-detection threat-intelligence nltk watcher certificate-transparency certstream osint osint-python webapp monitoring phishing