APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
☆1,412Nov 7, 2024Updated last year
Alternatives and similar repositories for APT-Hunter
Users that are interested in APT-Hunter are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Windows Events Attack Samples☆2,586Jan 24, 2023Updated 3 years ago
- Rapidly Search and Hunt through Windows Forensic Artefacts☆3,583May 9, 2026Updated 2 months ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆827May 30, 2026Updated last month
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.☆3,238Updated this week
- Investigate malicious Windows logon by visualizing and analyzing Windows event log☆3,194Apr 22, 2026Updated 2 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆660Jun 19, 2024Updated 2 years ago
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)☆776Feb 3, 2023Updated 3 years ago
- A toolset to make a system look as if it was the victim of an APT attack☆2,752Sep 23, 2025Updated 9 months ago
- Scan files or process memory for CobaltStrike beacons and parse their configuration☆919Aug 19, 2021Updated 4 years ago
- Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, M…☆3,912Jun 26, 2026Updated last week
- ☆1,138Dec 19, 2023Updated 2 years ago
- Defences against Cobalt Strike☆1,303Jul 14, 2022Updated 3 years ago
- ☆2,407Oct 14, 2023Updated 2 years ago
- Interesting APT Report Collection And Some Special IOCs☆3,015Jun 29, 2026Updated last week
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows…☆2,134Dec 11, 2024Updated last year
- Utilities for Sysmon☆1,653Apr 4, 2026Updated 3 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆815Jan 14, 2026Updated 5 months ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…☆4,598Jan 12, 2026Updated 5 months ago
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.☆634May 21, 2026Updated last month
- Open Source EDR for Windows☆1,309Feb 25, 2023Updated 3 years ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆867Jan 20, 2022Updated 4 years ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders☆1,073Oct 5, 2023Updated 2 years ago
- Main Sigma Rule Repository☆10,707Updated this week
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Documentation and scripts to properly enable Windows event logs.☆708Oct 3, 2025Updated 9 months ago
- A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365☆793Oct 29, 2022Updated 3 years ago
- Detect Tactics, Techniques & Combat Threats☆2,303Jun 2, 2026Updated last month
- Threat Hunting tool about Sysmon and graphs☆341May 28, 2023Updated 3 years ago
- Small and highly portable detection tests based on MITRE's ATT&CK.☆12,167Updated this week
- Elastic Security detection content for Endpoint☆1,451Jun 30, 2026Updated last week
- A repository of sysmon configuration modules☆3,074Jun 25, 2026Updated last week
- Digging Deeper....☆4,066Jun 24, 2026Updated 2 weeks ago
- DFIRTrack - The Incident Response Tracking Application☆536Jan 13, 2026Updated 5 months ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- A repository of DFIR-related Mind Maps geared towards the visual learners!☆549Sep 2, 2022Updated 3 years ago
- Loki - Simple IOC and YARA Scanner☆3,765Jan 12, 2026Updated 5 months ago
- Re-play Security Events☆1,782Mar 20, 2024Updated 2 years ago
- Hunts out CobaltStrike beacons and logs operator command output☆962Sep 4, 2024Updated last year
- Misc Threat Hunting Resources☆380Jan 26, 2023Updated 3 years ago
- Incident Response - Fast suspicious file finder☆256Jan 24, 2026Updated 5 months ago
- A curated list of tools for incident response☆9,230May 6, 2026Updated 2 months ago