Tools for simulating threats
☆200Oct 27, 2023Updated 2 years ago
Alternatives and similar repositories for threat-tools
Users that are interested in threat-tools are comparing it to the libraries listed below
Sorting:
- Endpoint detection for remote hosts for consumption by RITA and Elasticsearch☆80Feb 9, 2026Updated 2 weeks ago
- Passive service locator, a python sniffer that identifies servers, clients, names and much more☆259Feb 9, 2026Updated 2 weeks ago
- Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana☆299Feb 9, 2026Updated 2 weeks ago
- Extracts fields from zeek logs, compatible with zeek-cut☆26Jul 10, 2024Updated last year
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆2,516Jan 12, 2026Updated last month
- Collection of walkthroughs on various threat hunting techniques☆76Aug 3, 2020Updated 5 years ago
- ☆58Mar 4, 2022Updated 3 years ago
- ☆2,388Oct 14, 2023Updated 2 years ago
- Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.☆489Nov 21, 2024Updated last year
- These are the labs for my Intro class. Yes, this is public. Yes, this is intentional.☆1,753Feb 13, 2026Updated 2 weeks ago
- Run zeek with zeekctl in docker☆63Sep 12, 2024Updated last year
- ☆50Jan 30, 2026Updated last month
- Passive OS detection based on SYN packets without Transmitting any Data☆49Mar 29, 2023Updated 2 years ago
- A set of Zeek scripts to detect ATT&CK techniques.☆620Jun 26, 2024Updated last year
- The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…☆154Apr 25, 2022Updated 3 years ago
- Windows Events Attack Samples☆2,515Jan 24, 2023Updated 3 years ago
- TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE AT…☆548May 6, 2025Updated 9 months ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders☆1,059Oct 5, 2023Updated 2 years ago
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit…☆843Feb 23, 2026Updated last week
- Purpleteam scripts simulation & Detection - trigger events for SOC detections☆192Dec 20, 2024Updated last year
- Distribution of the SANS SEC504 Windows Cheat Sheet Lab☆78May 25, 2020Updated 5 years ago
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆516Feb 16, 2026Updated 2 weeks ago
- Public rules and samples for various automations through LimaCharlie.io☆14Dec 16, 2021Updated 4 years ago
- A powerful and user-friendly browser extension that streamlines investigations for security professionals.☆415May 13, 2025Updated 9 months ago
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆324May 1, 2025Updated 10 months ago
- A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int…☆2,445Updated this week
- Active C&C Detector☆156Oct 5, 2023Updated 2 years ago
- Detect Tactics, Techniques & Combat Threats☆2,263Jan 21, 2026Updated last month
- Tools to automate and/or expedite response.☆116Jul 5, 2024Updated last year
- A support web page for my eJPT / eCPPT Certification Process☆16Jan 18, 2018Updated 8 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆341Dec 3, 2025Updated 2 months ago
- Credential and Red Teaming Defense for Windows Environments☆330Jul 17, 2024Updated last year
- Python command line tool used for generating GIAC Certification indexes.☆29Jul 17, 2023Updated 2 years ago
- Purple Team Exercise Framework☆768Jan 4, 2024Updated 2 years ago
- Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red…☆1,008Sep 8, 2025Updated 5 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆89Feb 9, 2025Updated last year
- Practical Windows Forensics Training☆751Feb 16, 2026Updated last week
- A curated Cyber "Security Orchestration, Automation and Response (SOAR)" awesome list.☆974Aug 26, 2024Updated last year
- Digging Deeper....☆3,784Updated this week