A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Updated Feb 15, 2024 - Python
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Interesting APT Report Collection And Some Special IOC
Malwoverview is a first-response tool for threat hunting that provides intelligence from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, AlienVault, Malpedia, Malware Bazaar, ThreatFox, Triage and InQuest, and can scan Android devices against VirusTotal.
IntelOwl: manage your Threat Intelligence at scale
Your Everyday Threat Intelligence
Clusters and elements to attach to MISP events or attributes (like threat actors)
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs and reduces the time needed to uncover suspicious activity.
This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
A collection of resources for Threat Hunters
Scirius is a web application for Suricata ruleset management and threat hunting.
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Extract and aggregate threat intelligence.
openSquat is an open-source tool for detecting domain look-alikes by searching newly registered domains that might be impersonating legitimate domains and brands.
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
A Holistic OSINT and Threat Hunting Platform
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform