Cheat sheets for threat hunting, detection and other stuff.
☆34Oct 7, 2022Updated 3 years ago
Alternatives and similar repositories for Cheat-Sheets
Users that are interested in Cheat-Sheets are comparing it to the libraries listed below
Sorting:
- Community content for LogRhythm Axon. Includes Dashboards, searches, analytics rules, processing policies and more.☆10Jul 26, 2024Updated last year
- Collection of Jupyter Notebook for Threat Hunting and Blue Team Purposes☆22Jun 15, 2022Updated 3 years ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆804Jan 14, 2026Updated last month
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop…☆26Jun 30, 2021Updated 4 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆208Jul 21, 2022Updated 3 years ago
- ☆11Dec 9, 2025Updated 2 months ago
- Generates a detailed CSV file containing Sigma Rules statistics for each service or category, and each level, offering a holistic view of…☆10Dec 22, 2023Updated 2 years ago
- ☆72Oct 21, 2024Updated last year
- Scripts to for ready-to-use Velociraptor instance deployment in Azure☆14Jun 27, 2023Updated 2 years ago
- ☆36Aug 23, 2022Updated 3 years ago
- Random tips and tricks RE: ransomware☆14Aug 17, 2021Updated 4 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆14Sep 30, 2022Updated 3 years ago
- ☆13Feb 6, 2018Updated 8 years ago
- ☆66May 13, 2022Updated 3 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- Helping Incident Responders hunt for potential persistence mechanisms on UNIX-based systems.☆17Oct 28, 2023Updated 2 years ago
- Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.☆20Jul 1, 2023Updated 2 years ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆107Nov 23, 2022Updated 3 years ago
- Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa…☆18Apr 10, 2020Updated 5 years ago
- PowerShell script useful for Incident Response and security/configuration baselines for Windows Vista and later☆20Feb 23, 2016Updated 10 years ago
- Collection of Dashboards for Threat Hunting and more!☆74Oct 17, 2020Updated 5 years ago
- Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!☆51Jan 9, 2026Updated last month
- Threat Hunter's Knowledge Base☆22Dec 27, 2021Updated 4 years ago
- ☆21May 8, 2022Updated 3 years ago
- ☆78Sep 29, 2025Updated 5 months ago
- ☆77Jun 25, 2019Updated 6 years ago
- Notes and Commands for CTFs☆22Apr 28, 2020Updated 5 years ago
- Cyber Threat Intelligence☆78Dec 7, 2025Updated 2 months ago
- VirusTotal SIEM Integration and Automation☆18Jan 16, 2017Updated 9 years ago
- Rules generated from our investigations.☆204Jun 17, 2025Updated 8 months ago
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis.☆32Nov 16, 2023Updated 2 years ago
- Decentralized Cyber Threat Intelligence Kaizen Framework☆27Jan 31, 2022Updated 4 years ago
- Notes only☆19May 2, 2022Updated 3 years ago
- Threat Hunting & Incident Investigation with Osquery☆216Mar 30, 2022Updated 3 years ago
- Reference sheet for Threat Hunting Professional Course☆26Mar 10, 2019Updated 6 years ago
- 🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩💻☆23Oct 19, 2019Updated 6 years ago
- Collection of scripts to extract Azure resource information to support security compliance audit.☆22Jan 18, 2022Updated 4 years ago
- Advanced Hunting Queries for Microsoft Security Products☆108Jan 10, 2023Updated 3 years ago
- A public repository of MITRE ATT&ACK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs.☆27Mar 20, 2025Updated 11 months ago