Tools for simulating threats
☆203Oct 27, 2023Updated 2 years ago
Alternatives and similar repositories for threat-tools
Users that are interested in threat-tools are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Endpoint detection for remote hosts for consumption by RITA and Elasticsearch☆81Mar 19, 2026Updated last month
- Passive service locator, a python sniffer that identifies servers, clients, names and much more☆262Feb 9, 2026Updated 2 months ago
- Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana☆303Mar 19, 2026Updated last month
- Extracts fields from zeek logs, compatible with zeek-cut☆27Jul 10, 2024Updated last year
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆2,511Jan 12, 2026Updated 3 months ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Collection of walkthroughs on various threat hunting techniques☆77Aug 3, 2020Updated 5 years ago
- Run zeek with zeekctl in docker☆63Mar 27, 2026Updated last month
- Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.☆488Nov 21, 2024Updated last year
- ☆58Mar 4, 2022Updated 4 years ago
- ☆2,403Oct 14, 2023Updated 2 years ago
- These are the labs for my Intro class. Yes, this is public. Yes, this is intentional.☆1,784Feb 13, 2026Updated 2 months ago
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆552Apr 2, 2026Updated last month
- Distribution of the SANS SEC504 Windows Cheat Sheet Lab☆81May 25, 2020Updated 5 years ago
- ☆50Jan 30, 2026Updated 3 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- ☆19Mar 26, 2026Updated last month
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆327May 1, 2025Updated last year
- ☆17May 28, 2022Updated 3 years ago
- A set of Zeek scripts to detect ATT&CK techniques.☆621Jun 26, 2024Updated last year
- A simple Python script to do quick, targeted recon of a given domain.☆74Apr 17, 2025Updated last year
- Public rules and samples for various automations through LimaCharlie.io☆14Dec 16, 2021Updated 4 years ago
- An Ansible playbook for deploying the Suricata intrusion detection system and fetching Snort rules with Oinkmaster.☆17Oct 30, 2021Updated 4 years ago
- Passive OS detection based on SYN packets without Transmitting any Data☆50Mar 29, 2023Updated 3 years ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders☆1,070Oct 5, 2023Updated 2 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit…☆845Feb 23, 2026Updated 2 months ago
- Windows Events Attack Samples☆2,555Jan 24, 2023Updated 3 years ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆89Feb 9, 2025Updated last year
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆340Dec 3, 2025Updated 5 months ago
- The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…☆154Apr 25, 2022Updated 4 years ago
- Detect Tactics, Techniques & Combat Threats☆2,286Updated this week
- A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int…☆2,478Apr 26, 2026Updated last week
- Automated Adversary Emulation Platform☆6,931Updated this week
- Purpleteam scripts simulation & Detection - trigger events for SOC detections☆198Dec 20, 2024Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Practical Windows Forensics Training☆764Feb 16, 2026Updated 2 months ago
- Digging Deeper....☆3,936Updated this week
- Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…☆16Jun 15, 2021Updated 4 years ago
- Repository of attack and defensive information for Business Email Compromise investigations☆276Apr 19, 2026Updated 2 weeks ago
- A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.☆744Jun 5, 2025Updated 10 months ago
- An automated Adversary Emulation lab with terraform and MCP server. Build Caldera techniques and operations assisted with LLMs. Built f…☆209Nov 23, 2025Updated 5 months ago
- A curated Cyber "Security Orchestration, Automation and Response (SOAR)" awesome list.☆990Aug 26, 2024Updated last year