OTRF/detection-hackathon-apt29

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/OTRF/detection-hackathon-apt29)

OTRF / detection-hackathon-apt29

Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets

☆143

Alternatives and similar repositories for detection-hackathon-apt29

Users that are interested in detection-hackathon-apt29 are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

OTRF / SimuLand
View on GitHub
Cloud Templates and scripts to deploy mordor environments
☆129Mar 3, 2021Updated 5 years ago
OTRF / infosec-jupyterthon
View on GitHub
A community event for security researchers to share their favorite notebooks
☆108Feb 15, 2024Updated 2 years ago
mitre-attack / attack-arsenal
View on GitHub
A collection of red team and adversary emulation resources developed and released by MITRE.
☆534Apr 20, 2021Updated 4 years ago
OTRF / OSSEM
View on GitHub
Open Source Security Events Metadata (OSSEM)
☆1,289Feb 27, 2023Updated 3 years ago
OTRF / Security-Datasets
View on GitHub
Re-play Security Events
☆1,728Mar 20, 2024Updated 2 years ago
sbousseaden / Slides
View on GitHub
Misc Threat Hunting Resources
☆377Jan 26, 2023Updated 3 years ago
sbousseaden / EVTX-ATTACK-SAMPLES
View on GitHub
Windows Events Attack Samples
☆2,526Jan 24, 2023Updated 3 years ago
trustedsec / SysmonCommunityGuide
View on GitHub
TrustedSec Sysinternals Sysmon Community Guide
☆1,384Feb 10, 2026Updated last month
sevickson / osquery_tables_graph
View on GitHub
Repository containing Jupyter Notebooks for working with OSQuery tables and data
☆17May 8, 2020Updated 5 years ago
mitre-attack / evals_caldera
View on GitHub
A CALDERA plugin for ATT&CK Evaluations Round 1
☆33Sep 14, 2023Updated 2 years ago
thomaspatzke / elk-detection-lab
View on GitHub
An ELK environment containing interesting security datasets.
☆136May 11, 2020Updated 5 years ago
mandiant / SilkETW
View on GitHub
☆826Jun 1, 2023Updated 2 years ago
Cyb3rWard0g / presentations
View on GitHub
Presentation Slides and Video links
☆32Nov 8, 2021Updated 4 years ago
OTRF / ThreatHunter-Playbook
View on GitHub
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
☆4,501Jan 12, 2026Updated 2 months ago
OTRF / Blacksmith
View on GitHub
Building environments to replicate small networks and deploy applications
☆330Jan 9, 2026Updated 2 months ago
mitre-attack / attack-datasources
View on GitHub
This content is analysis and research of the data sources currently listed in ATT&CK.
☆413Sep 13, 2023Updated 2 years ago
OTRF / ATTACK-Python-Client
View on GitHub
Python Script to access ATT&CK content available in STIX via a public TAXII server
☆568Dec 19, 2025Updated 3 months ago
CanTopay / thehive-playbook-creator
View on GitHub
A script to create and assign SOP tasks into the cases
☆20Aug 16, 2020Updated 5 years ago
n0dec / MalwLess
View on GitHub
Test Blue Team detections without running any attack.
☆272May 2, 2024Updated last year
edoardogerosa / sentinel-attack
View on GitHub
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
☆1,080Nov 28, 2024Updated last year
randomuserid / Tylium
View on GitHub
Primary data pipelines for intrusion detection, security analytics and threat hunting
☆85Jan 9, 2022Updated 4 years ago
rabobank-cdc / DeTTECT
View on GitHub
Detect Tactics, Techniques & Combat Threats
☆2,269Jan 21, 2026Updated 2 months ago
mitre-attack / bzar
View on GitHub
A set of Zeek scripts to detect ATT&CK techniques.
☆622Jun 26, 2024Updated last year
atc-project / atomic-threat-coverage
View on GitHub
Actionable analytics designed to combat threats
☆1,005May 25, 2022Updated 3 years ago
olafhartong / ThreatHunting
View on GitHub
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
☆1,174Jul 26, 2023Updated 2 years ago
Nclose-ZA / elastalert_hive_alerter
View on GitHub
This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.
☆26May 18, 2021Updated 4 years ago
mitre-attack / joystick
View on GitHub
Joystick is a tool that gives you the ability to transform the ATT&CK Evaluations data into concise views that brings forward the nuances…
☆64Sep 13, 2023Updated 2 years ago
tvfischer / ps-srum-hunting
View on GitHub
PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting
☆23Oct 26, 2019Updated 6 years ago
mitre-attack / car
View on GitHub
Cyber Analytics Repository
☆991May 16, 2025Updated 10 months ago
0xtf / testmynids.org
View on GitHub
A website and framework for testing NIDS detection
☆57Aug 29, 2021Updated 4 years ago
miriamxyra / EventList
View on GitHub
EventList
☆377Mar 21, 2021Updated 5 years ago
ashwin-patil / threat-hunting-with-notebooks
View on GitHub
Repository with Sample threat hunting notebooks on Security Event Log Data Sources
☆69Dec 2, 2022Updated 3 years ago
MHaggis / sysmon-dfir
View on GitHub
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
☆938Dec 12, 2023Updated 2 years ago
fozavci / petaqc2
View on GitHub
Petaq - Purple Team Command & Control Server
☆105Dec 8, 2022Updated 3 years ago
NVISOsecurity / ee-outliers
View on GitHub
Open-source framework to detect outliers in Elasticsearch events
☆205May 22, 2023Updated 2 years ago
3CORESec / MAL-CL
View on GitHub
MAL-CL (Malicious Command-Line)
☆322Jan 10, 2023Updated 3 years ago
olafhartong / sysmon-modular
View on GitHub
A repository of sysmon configuration modules
☆2,994Aug 21, 2024Updated last year
Cyb3rWard0g / docker-pupy
View on GitHub
Docker setup for Pupy
☆28Jul 23, 2023Updated 2 years ago
open-nsm / meetings
View on GitHub
Meeting notes
☆14Apr 5, 2016Updated 9 years ago