A set of detection rules in DSL format, extracted from open-source attack libraries, that aim to map Sysmon logs to techniques described in ATT&CK
Updated May 22, 2023 - Python
Security Event and Incident Management: security software that helps recognize and address potential security threats and vulnerabilities.
Python3 wrapper for the GreyNoise API
Analyze domains from an Excel list; save status codes, IP addresses and screenshots.
Tracking APT IOCs
Azure OSINT is a Cloudflare Worker that performs quick Azure Tenant OSINT on a domain.
DeepHate is a cool educational DHT sniffer!
A collection of specific commands used by threat actors, detailing their procedural implementations of tactics and techniques from the MITRE ATT&CK framework.
This script will store the file count and directory size into a log file. This can also be sent to slack.
DiaLog is a powerful log file analyzer that can also perform passive analysis of malicious IPs found in web-server traffic
Hawk Cloud Forensics PowerShell module documentation and cloud forensics blog.
Some shared yara rules
Academic Project for 6220
BlackIP-Rep is a tool designed to gather the reputation and information of bulk IPs. Focused on improving the workflow of Security Operations Center (SOC) teams during investigation.
Simple Script to download all the Malware Bazaar daily batches
Parses and analyses authentication events in the Windows Event Log
This Python script parses log files exported from Fortinet FortiAnalyzer and filters log entries by source and/or destination IP address, preparing the logs for insertion into any SIEM platform.
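As an added example (not the script from the repository above, and not Fortinet's code), the following shows how such source/destination filtering can be done on FortiGate-style `key=value` log lines. It assumes the export carries `srcip=` and `dstip=` fields in that syntax; the sample lines are constructed for illustration, and the CIDR filtering by network (rather than exact address) is an extension beyond what the description states.

```python
import ipaddress
import re
from typing import Iterable, Iterator, Optional

# Constructed sample lines in FortiGate-style key=value syntax (assumption:
# FortiAnalyzer exports carry srcip= / dstip= fields in this form).
SAMPLE_LOGS = """\
date=2023-05-22 time=10:01:02 logid="0000000013" type="traffic" subtype="forward" srcip=10.0.0.5 srcport=51234 dstip=203.0.113.9 dstport=443 action="accept"
date=2023-05-22 time=10:01:03 logid="0000000013" type="traffic" subtype="forward" srcip=10.0.1.7 srcport=51235 dstip=198.51.100.4 dstport=80 action="deny"
date=2023-05-22 time=10:01:04 logid="0000000013" type="traffic" subtype="forward" srcip=192.168.5.12 srcport=44000 dstip=10.0.0.5 dstport=22 action="accept"
"""

# key=value where the value is either a double-quoted string (with escapes) or a bare token
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line: str) -> dict:
    """Parse one key=value log line into a dict; quoted values are unquoted."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def _networks(cidrs: Optional[Iterable[str]]):
    # None means "no constraint on this side"; strict=False accepts host bits set
    return None if cidrs is None else [ipaddress.ip_network(c, strict=False) for c in cidrs]


def filter_by_ip(lines: Iterable[str],
                 src: Optional[Iterable[str]] = None,
                 dst: Optional[Iterable[str]] = None) -> Iterator[dict]:
    """Yield parsed entries whose srcip falls in `src` and/or dstip falls in `dst`.

    `src` / `dst` are iterables of CIDR strings; when both are given, both must match.
    Lines without a parseable srcip/dstip pair are skipped rather than raising.
    """
    src_nets = _networks(src)
    dst_nets = _networks(dst)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = parse_line(line)
        try:
            s = ipaddress.ip_address(rec.get("srcip", ""))
            d = ipaddress.ip_address(rec.get("dstip", ""))
        except ValueError:
            continue  # malformed or missing address: not a candidate for IP filtering
        if src_nets is not None and not any(s in n for n in src_nets):
            continue
        if dst_nets is not None and not any(d in n for n in dst_nets):
            continue
        yield rec


if __name__ == "__main__":
    for rec in filter_by_ip(SAMPLE_LOGS.splitlines(), src=["10.0.0.0/16"]):
        print(rec["srcip"], "->", rec["dstip"], rec["action"])
```

Parsed records are plain dicts, so they can be serialized as JSON (or any SIEM's expected line format) without further transformation; filtering before ingestion keeps noisy internal-to-internal traffic out of the index.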