ahmedkhlief / APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset, that detects APT movements hidden in the sea of Windows event logs and shortens the time needed to uncover suspicious activity.
☆1,377, updated 10 months ago
Alternatives and similar repositories for APT-Hunter
Users that are interested in APT-Hunter are comparing it to the libraries listed below
- Open Source EDR for Windows (☆1,275, updated 2 years ago)
- Defences against Cobalt Strike (☆1,294, updated 3 years ago)
- Automatically created C2 Feeds (☆647, updated this week)
- Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red… (☆953, updated 3 weeks ago)
- Elastic Security detection content for Endpoint (☆1,299, updated last week)
- (no description) (☆552, updated last year)
- An Active Defense and EDR software to empower Blue Teams (☆1,303, updated 2 years ago)
- Windows Events Attack Samples (☆2,421, updated 2 years ago)
- (no description) (☆1,106, updated last year)
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs (☆744, updated 5 months ago)
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection… (☆855, updated 3 years ago)
- (no description) (☆513, updated 11 months ago)
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ) (☆782, updated 2 years ago)
- Sophos-originated indicators-of-compromise from published reports (☆633, updated last month)
- Utilities for Sysmon (☆1,550, updated last week)
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases. (☆590, updated 8 months ago)
- Interesting APT Report Collection And Some Special IOCs (☆2,681, updated last week)
- Scan files or process memory for CobaltStrike beacons and parse their configuration (☆918, updated 4 years ago)
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders (☆942, updated last year)
- This project aims to compare and evaluate the telemetry of various EDR products. (☆1,836, updated last week)
- A collection of red team and adversary emulation resources developed and released by MITRE. (☆519, updated 4 years ago)
- Ransomware simulator written in Golang (☆450, updated 3 years ago)
- Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin. (☆950, updated last month)
- Investigate malicious Windows logons by visualizing and analyzing Windows event logs (☆2,999, updated last month)
- RegRipper3.0 (☆641, updated 9 months ago)
- VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities a… (☆1,517, updated last week)
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the … (☆1,761, updated 11 months ago)
- Guidance for mitigating web shells. #nsacyber (☆981, updated 2 years ago)
- Detect Tactics, Techniques & Combat Threats (☆2,204, updated 2 months ago)
- An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. (☆1,990, updated 4 months ago)