ahmedkhlief / APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs and so shortens the time needed to uncover suspicious activity.
☆1,256 · Updated 2 weeks ago
Related projects
Alternatives and complementary repositories for APT-Hunter
- Defences against Cobalt Strike ☆1,281 · Updated 2 years ago
- Windows Events Attack Samples ☆2,248 · Updated last year
- An Active Defense and EDR software to empower Blue Teams ☆1,239 · Updated last year
- Open Source EDR for Windows ☆1,152 · Updated last year
- Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red… ☆846 · Updated 3 weeks ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆680 · Updated last week
- An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. ☆1,724 · Updated 10 months ago
- ☆505 · Updated last month
- VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities a… ☆1,396 · Updated 2 months ago
- Automatically created C2 Feeds ☆531 · Updated this week
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases. ☆528 · Updated 2 months ago
- Detect Tactics, Techniques & Combat Threats ☆2,067 · Updated 2 weeks ago
- A toolset to make a system look as if it was the victim of an APT attack ☆2,470 · Updated last year
- A collection of red team and adversary emulation resources developed and released by MITRE. ☆492 · Updated 3 years ago
- Bloodhound Reporting for Blue and Purple Teams ☆1,123 · Updated last month
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders ☆767 · Updated last year
- ☆526 · Updated 11 months ago
- A Splunk app mapped to MITRE ATT&CK to guide your threat hunts ☆1,138 · Updated last year
- Sophos-originated indicators-of-compromise from published reports ☆545 · Updated 2 weeks ago
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit… ☆775 · Updated last year
- A repository of sysmon configuration modules ☆2,664 · Updated 3 months ago
- RegRipper3.0 ☆558 · Updated 2 weeks ago
- This project aims to compare and evaluate the telemetry of various EDR products. ☆1,698 · Updated this week
- ☆1,022 · Updated 11 months ago
- Re-play Security Events ☆1,604 · Updated 8 months ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection… ☆833 · Updated 2 years ago
- Ransomware simulator written in Golang ☆409 · Updated 2 years ago
- ☆2,189 · Updated last year
- TrustedSec Sysinternals Sysmon Community Guide ☆1,148 · Updated 5 months ago