ahmedkhlief / APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
☆1,252 · Updated this week
Related projects
Alternatives and complementary repositories for APT-Hunter
- Defences against Cobalt Strike ☆1,281 · Updated 2 years ago
- Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red… ☆844 · Updated last week
- Open Source EDR for Windows ☆1,151 · Updated last year
- Windows Events Attack Samples ☆2,244 · Updated last year
- An Active Defense and EDR software to empower Blue Teams ☆1,236 · Updated last year
- Automatically created C2 Feeds ☆529 · Updated this week
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆678 · Updated last week
- ☆505 · Updated last month
- Detect Tactics, Techniques & Combat Threats ☆2,062 · Updated this week
- Interesting APT Report Collection And Some Special IOC ☆2,417 · Updated last week
- This project aims to compare and evaluate the telemetry of various EDR products. ☆1,678 · Updated this week
- Sophos-originated indicators-of-compromise from published reports ☆544 · Updated this week
- VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities a… ☆1,388 · Updated last month
- A collection of red team and adversary emulation resources developed and released by MITRE. ☆491 · Updated 3 years ago
- Investigate malicious Windows logon by visualizing and analyzing Windows event log ☆2,728 · Updated 4 months ago
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases. ☆520 · Updated 2 months ago
- ☆1,021 · Updated 10 months ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders ☆765 · Updated last year
- Utilities for Sysmon ☆1,487 · Updated 5 months ago
- yarGen is a generator for YARA rules ☆1,552 · Updated 5 months ago
- A toolset to make a system look as if it was the victim of an APT attack ☆2,463 · Updated last year
- A Splunk app mapped to MITRE ATT&CK to guide your threat hunts ☆1,137 · Updated last year
- YARA signature and IOC database for my scanners and tools ☆2,476 · Updated this week
- ☆2,185 · Updated last year
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection… ☆831 · Updated 2 years ago
- An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. ☆1,719 · Updated 10 months ago
- A repository of sysmon configuration modules ☆2,658 · Updated 2 months ago
- ☆525 · Updated 11 months ago
- Elastic Security detection content for Endpoint ☆1,041 · Updated this week
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the … ☆1,461 · Updated this week