ahmedkhlief / APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
☆1,400 · Nov 7, 2024 · Updated last year
Alternatives and similar repositories for APT-Hunter
Users that are interested in APT-Hunter are comparing it to the libraries listed below
- Windows Events Attack Samples · ☆2,507 · Jan 24, 2023 · Updated 3 years ago
- Rapidly Search and Hunt through Windows Forensic Artefacts · ☆3,440 · Oct 12, 2025 · Updated 4 months ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs · ☆780 · Updated this week
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. · ☆3,020 · Updated this week
- Investigate malicious Windows logon by visualizing and analyzing Windows event log · ☆3,049 · Oct 19, 2025 · Updated 3 months ago
- Collection of Event ID resources useful for Digital Forensics and Incident Response · ☆642 · Jun 19, 2024 · Updated last year
- A toolset to make a system look as if it was the victim of an APT attack · ☆2,710 · Sep 23, 2025 · Updated 4 months ago
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ) · ☆779 · Feb 3, 2023 · Updated 3 years ago
- Defences against Cobalt Strike · ☆1,293 · Jul 14, 2022 · Updated 3 years ago
- Malwoverview is a rapid response tool used to gather intelligence information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malsh… · ☆3,535 · Jan 20, 2026 · Updated 3 weeks ago
- Interesting APT Report Collection And Some Special IOCs · ☆2,889 · Updated this week
- Scan files or process memory for CobaltStrike beacons and parse their configuration · ☆923 · Aug 19, 2021 · Updated 4 years ago
- Utilities for Sysmon · ☆1,569 · Sep 21, 2025 · Updated 4 months ago
- (no description) · ☆2,383 · Oct 14, 2023 · Updated 2 years ago
- Open Source EDR for Windows · ☆1,296 · Feb 25, 2023 · Updated 2 years ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). · ☆800 · Jan 14, 2026 · Updated last month
- PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows… · ☆2,048 · Dec 11, 2024 · Updated last year
- (no description) · ☆1,129 · Dec 19, 2023 · Updated 2 years ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection… · ☆859 · Jan 20, 2022 · Updated 4 years ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e… · ☆4,475 · Jan 12, 2026 · Updated last month
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases. · ☆613 · Dec 8, 2025 · Updated 2 months ago
- Detect Tactics, Techniques & Combat Threats · ☆2,263 · Jan 21, 2026 · Updated 3 weeks ago
- Small and highly portable detection tests based on MITRE's ATT&CK. · ☆11,570 · Feb 9, 2026 · Updated last week
- A Cloud Forensics PowerShell module to run threat hunting playbooks on data from Azure and O365 · ☆790 · Oct 29, 2022 · Updated 3 years ago
- Documentation and scripts to properly enable Windows event logs. · ☆672 · Oct 3, 2025 · Updated 4 months ago
- Threat Hunting tool about Sysmon and graphs · ☆336 · May 28, 2023 · Updated 2 years ago
- Main Sigma Rule Repository · ☆10,109 · Updated this week
- A repository of sysmon configuration modules · ☆2,968 · Aug 21, 2024 · Updated last year
- Automation for internal Windows penetration test / AD security · ☆3,641 · Aug 28, 2025 · Updated 5 months ago
- Loki - Simple IOC and YARA Scanner · ☆3,719 · Jan 12, 2026 · Updated last month
- Re-play Security Events · ☆1,723 · Mar 20, 2024 · Updated last year
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders · ☆960 · Oct 5, 2023 · Updated 2 years ago
- Hunts out CobaltStrike beacons and logs operator command output · ☆951 · Sep 4, 2024 · Updated last year
- Misc Threat Hunting Resources · ☆377 · Jan 26, 2023 · Updated 3 years ago
- Digging Deeper.... · ☆3,763 · Updated this week
- An Active Defense and EDR software to empower Blue Teams · ☆1,315 · Aug 10, 2023 · Updated 2 years ago
- YARA signature and IOC database for my scanners and tools · ☆2,864 · Feb 5, 2026 · Updated last week
- Elastic Security detection content for Endpoint · ☆1,376 · Updated this week
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK · ☆1,077 · Nov 28, 2024 · Updated last year