Th1ru-M / Windows-Threat-Hunting
Hunt for Keywords , Mutex, Windows Event,Registry Keys,Process,Schedule tasks in Windows Machine
☆22Updated 3 years ago
Related projects: ⓘ
- Links to malware-related YARA rules☆14Updated last year
- Carbon Black Response IR tool☆53Updated 3 years ago
- Queries for Carbon Black Response☆11Updated 4 years ago
- ☆25Updated 3 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆72Updated 2 years ago
- ☆42Updated last year
- See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)☆102Updated last year
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.☆74Updated 2 years ago
- Tweettioc Splunk App☆20Updated 4 years ago
- A simple command line program to help defender test their detections for network beacon patterns and domain fronting☆65Updated 2 years ago
- Library of threat hunts to get any user started!☆40Updated 4 years ago
- IcedID Decryption Tool☆27Updated 3 years ago
- Automated detection rule analysis utility☆29Updated last year
- ☆37Updated this week
- Active C2 IoCs☆96Updated last year
- Picus Labs☆42Updated 3 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆39Updated 11 months ago
- ☆34Updated last year
- This is a repository that is meant to hold detections for various process injection techniques.☆32Updated 4 years ago
- The project was moved here https://github.com/atomic-threat-coverage/atomic-threat-coverage☆23Updated 5 years ago
- TA505+ Adversary Simulation☆64Updated 3 years ago
- C# User Simulation☆33Updated last year
- Placeholder for my detection repo and misc detection engineering content☆43Updated 10 months ago
- Tracking APT IOCs☆24Updated 3 years ago
- A CALDERA plugin for ATT&CK Evaluations Round 1☆33Updated last year
- ShellSweeping the evil.☆49Updated 3 months ago
- ☆47Updated 4 years ago
- Joystick is a tool that gives you the ability to transform the ATT&CK Evaluations data into concise views that brings forward the nuances…☆64Updated last year
- Standardized Malware Analysis Tool☆51Updated 3 years ago
- Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.☆65Updated 2 years ago