Tools for simulating threats
☆203Oct 27, 2023Updated 2 years ago
Alternatives and similar repositories for threat-tools
Users that are interested in threat-tools are comparing it to the libraries listed below
Sorting:
- Endpoint detection for remote hosts for consumption by RITA and Elasticsearch☆80Feb 9, 2026Updated last month
- Passive service locator, a python sniffer that identifies servers, clients, names and much more☆260Feb 9, 2026Updated last month
- Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana☆301Updated this week
- Extracts fields from zeek logs, compatible with zeek-cut☆26Jul 10, 2024Updated last year
- Collection of walkthroughs on various threat hunting techniques☆76Aug 3, 2020Updated 5 years ago
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆2,516Jan 12, 2026Updated 2 months ago
- Run zeek with zeekctl in docker☆63Sep 12, 2024Updated last year
- Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.☆488Nov 21, 2024Updated last year
- ☆58Mar 4, 2022Updated 4 years ago
- ☆2,390Oct 14, 2023Updated 2 years ago
- These are the labs for my Intro class. Yes, this is public. Yes, this is intentional.☆1,761Feb 13, 2026Updated last month
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆530Mar 10, 2026Updated last week
- Distribution of the SANS SEC504 Windows Cheat Sheet Lab☆79May 25, 2020Updated 5 years ago
- ☆50Jan 30, 2026Updated last month
- ☆19Dec 9, 2024Updated last year
- A simple Python script to do quick, targeted recon of a given domain.☆70Apr 17, 2025Updated 11 months ago
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆324May 1, 2025Updated 10 months ago
- ☆17May 28, 2022Updated 3 years ago
- A set of Zeek scripts to detect ATT&CK techniques.☆622Jun 26, 2024Updated last year
- Public rules and samples for various automations through LimaCharlie.io☆14Dec 16, 2021Updated 4 years ago
- An Ansible playbook for deploying the Suricata intrusion detection system and fetching Snort rules with Oinkmaster.☆17Oct 30, 2021Updated 4 years ago
- Passive OS detection based on SYN packets without Transmitting any Data☆50Mar 29, 2023Updated 2 years ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders☆1,062Oct 5, 2023Updated 2 years ago
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit…☆843Feb 23, 2026Updated last month
- Windows Events Attack Samples☆2,526Jan 24, 2023Updated 3 years ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆89Feb 9, 2025Updated last year
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆340Dec 3, 2025Updated 3 months ago
- The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…☆154Apr 25, 2022Updated 3 years ago
- Detect Tactics, Techniques & Combat Threats☆2,269Jan 21, 2026Updated 2 months ago
- A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int…☆2,460Updated this week
- Automated Adversary Emulation Platform☆6,831Updated this week
- Purpleteam scripts simulation & Detection - trigger events for SOC detections☆195Dec 20, 2024Updated last year
- Practical Windows Forensics Training☆754Feb 16, 2026Updated last month
- Digging Deeper....☆3,832Updated this week
- An automated Adversary Emulation lab with terraform and MCP server. Build Caldera techniques and operations assisted with LLMs. Built f…☆205Nov 23, 2025Updated 3 months ago
- Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…☆16Jun 15, 2021Updated 4 years ago
- A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.☆737Jun 5, 2025Updated 9 months ago
- Repository of attack and defensive information for Business Email Compromise investigations☆276May 10, 2025Updated 10 months ago
- Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red…☆1,018Sep 8, 2025Updated 6 months ago