APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
☆1,405Nov 7, 2024Updated last year
Alternatives and similar repositories for APT-Hunter
Users that are interested in APT-Hunter are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Windows Events Attack Samples☆2,531Jan 24, 2023Updated 3 years ago
- Rapidly Search and Hunt through Windows Forensic Artefacts☆3,484Mar 2, 2026Updated 3 weeks ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆794Mar 22, 2026Updated last week
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.☆3,088Mar 21, 2026Updated last week
- Investigate malicious Windows logon by visualizing and analyzing Windows event log☆3,141Oct 19, 2025Updated 5 months ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆643Jun 19, 2024Updated last year
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)☆779Feb 3, 2023Updated 3 years ago
- A toolset to make a system look as if it was the victim of an APT attack☆2,723Sep 23, 2025Updated 6 months ago
- Scan files or process memory for CobaltStrike beacons and parse their configuration☆921Aug 19, 2021Updated 4 years ago
- Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, M…☆3,715Mar 21, 2026Updated last week
- ☆1,134Dec 19, 2023Updated 2 years ago
- Defences against Cobalt Strike☆1,297Jul 14, 2022Updated 3 years ago
- ☆2,392Oct 14, 2023Updated 2 years ago
- Interesting APT Report Collection And Some Special IOCs☆2,956Updated this week
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
- Utilities for Sysmon☆1,579Sep 21, 2025Updated 6 months ago
- Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows…☆2,078Dec 11, 2024Updated last year
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆807Jan 14, 2026Updated 2 months ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…☆4,508Jan 12, 2026Updated 2 months ago
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.☆617Dec 8, 2025Updated 3 months ago
- Open Source EDR for Windows☆1,297Feb 25, 2023Updated 3 years ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆864Jan 20, 2022Updated 4 years ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders☆1,064Oct 5, 2023Updated 2 years ago
- Main Sigma Rule Repository☆10,224Mar 19, 2026Updated last week
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Documentation and scripts to properly enable Windows event logs.☆674Oct 3, 2025Updated 5 months ago
- A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365☆791Oct 29, 2022Updated 3 years ago
- Detect Tactics, Techniques & Combat Threats☆2,270Jan 21, 2026Updated 2 months ago
- Small and highly portable detection tests based on MITRE's ATT&CK.☆11,718Mar 18, 2026Updated last week
- Threat Hunting tool about Sysmon and graphs☆337May 28, 2023Updated 2 years ago
- Elastic Security detection content for Endpoint☆1,392Updated this week
- Digging Deeper....☆3,855Updated this week
- A repository of sysmon configuration modules☆2,996Aug 21, 2024Updated last year
- DFIRTrack - The Incident Response Tracking Application☆534Jan 13, 2026Updated 2 months ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- A repository of DFIR-related Mind Maps geared towards the visual learners!☆549Sep 2, 2022Updated 3 years ago
- Re-play Security Events☆1,729Mar 20, 2024Updated 2 years ago
- Loki - Simple IOC and YARA Scanner☆3,735Jan 12, 2026Updated 2 months ago
- Hunts out CobaltStrike beacons and logs operator command output☆951Sep 4, 2024Updated last year
- Misc Threat Hunting Resources☆377Jan 26, 2023Updated 3 years ago
- A curated list of tools for incident response☆8,901Jul 18, 2024Updated last year
- Incident Response - Fast suspicious file finder☆253Jan 24, 2026Updated 2 months ago