APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
☆1,402 · Nov 7, 2024 · Updated last year
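To make concrete what "hunting APT movements in Windows event logs" means in practice, the following is an added example, not APT-Hunter's own code: four simple hunting rules run over constructed Security-log records. The Event IDs (4688 process creation, 4720 account created, 4732 member added to a local group, 1102 audit log cleared, 4624 logon) are real Windows Security log IDs; every record, hostname, IP and username in `SAMPLE_EVENTS` is constructed sample data, and the rule thresholds (10-minute window, three hosts) are illustrative assumptions.

```python
"""Minimal Windows Security-log hunting over constructed sample events.

Added example, not APT-Hunter's own code. The Event IDs are real Security
log IDs; every record below is constructed sample data, not real host output.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, reduced to the fields the rules below need.
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T09:00:00", "host": "WS01", "id": 4688, "user": "bob",
     "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A"},
    {"ts": "2024-01-10T09:00:05", "host": "WS01", "id": 4688, "user": "bob",
     "cmd": "powershell.exe -ExecutionPolicy Bypass -File backup.ps1"},
    {"ts": "2024-01-10T09:01:00", "host": "DC01", "id": 4720, "user": "svc_bk"},
    {"ts": "2024-01-10T09:02:30", "host": "DC01", "id": 4732, "user": "svc_bk",
     "group": "Administrators"},
    {"ts": "2024-01-10T09:05:00", "host": "WS01", "id": 1102, "user": "bob"},
    {"ts": "2024-01-10T09:06:00", "host": "FS01", "id": 4624, "logon_type": 3,
     "src_ip": "10.0.0.5", "user": "svc_bk"},
    {"ts": "2024-01-10T09:06:20", "host": "WS02", "id": 4624, "logon_type": 3,
     "src_ip": "10.0.0.5", "user": "svc_bk"},
    {"ts": "2024-01-10T09:06:40", "host": "WS03", "id": 4624, "logon_type": 3,
     "src_ip": "10.0.0.5", "user": "svc_bk"},
    {"ts": "2024-01-10T09:30:00", "host": "WS04", "id": 4624, "logon_type": 3,
     "src_ip": "10.0.0.9", "user": "alice"},
]


def _ts(e):
    return datetime.fromisoformat(e["ts"])


def _is_encoded_flag(token):
    # PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
    # so a literal "-encodedcommand" match would miss most real command lines.
    token = token.lower()
    return len(token) >= 2 and "-encodedcommand".startswith(token)


def hunt_encoded_powershell(events):
    """4688 process creation running PowerShell with an encoded command."""
    hits = []
    for e in events:
        cmd = e.get("cmd", "")
        if e["id"] == 4688 and "powershell" in cmd.lower():
            if any(_is_encoded_flag(t) for t in cmd.split()):
                hits.append({"rule": "encoded_powershell", "host": e["host"],
                             "user": e["user"], "cmd": cmd})
    return hits


def hunt_new_admin(events, window=timedelta(minutes=10)):
    """4720 (account created) then 4732 (added to Administrators) for the same
    account within `window`: account creation followed by privilege grant."""
    created = {e["user"]: _ts(e) for e in events if e["id"] == 4720}
    hits = []
    for e in events:
        if e["id"] == 4732 and e.get("group") == "Administrators":
            t0 = created.get(e["user"])
            if t0 is not None and timedelta(0) <= _ts(e) - t0 <= window:
                hits.append({"rule": "new_account_to_admin", "host": e["host"],
                             "user": e["user"],
                             "delta_s": int((_ts(e) - t0).total_seconds())})
    return hits


def hunt_log_cleared(events):
    """1102: the Security log was cleared, a defence-evasion signal on its own."""
    return [{"rule": "audit_log_cleared", "host": e["host"], "user": e["user"]}
            for e in events if e["id"] == 1102]


def hunt_lateral_movement(events, min_hosts=3, window=timedelta(minutes=10)):
    """One source IP with network logons (4624 type 3) to >= min_hosts distinct
    hosts inside `window`: a fan-out pattern typical of lateral movement."""
    by_src = defaultdict(list)
    for e in events:
        if e["id"] == 4624 and e.get("logon_type") == 3:
            by_src[e["src_ip"]].append((_ts(e), e["host"]))
    hits = []
    for src, logons in by_src.items():
        logons.sort()
        for i, (t0, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                hits.append({"rule": "lateral_fanout", "src_ip": src,
                             "hosts": sorted(hosts)})
                break  # one finding per source is enough for triage
    return hits


def run_hunt(events=SAMPLE_EVENTS):
    """Run every rule and return all findings sorted by rule name."""
    findings = (hunt_encoded_powershell(events) + hunt_new_admin(events)
                + hunt_log_cleared(events) + hunt_lateral_movement(events))
    return sorted(findings, key=lambda f: f["rule"])


if __name__ == "__main__":
    for finding in run_hunt():
        print(finding)
```

The rules deliberately mix a single-event match (1102), a field-content match (4688 command line), and two correlations across events (4720 to 4732 on the same account, and 4624 fan-out per source IP), because the last kind is what a hunting tool adds over plain log search. A real deployment would read parsed EVTX records instead of `SAMPLE_EVENTS` and tune the thresholds to the environment.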
Alternatives and similar repositories for APT-Hunter
Users that are interested in APT-Hunter are comparing it to the libraries listed below
- Windows Events Attack Samples ☆2,517 · Jan 24, 2023 · Updated 3 years ago
- Rapidly Search and Hunt through Windows Forensic Artefacts ☆3,460 · Mar 2, 2026 · Updated last week
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆786 · Feb 22, 2026 · Updated 2 weeks ago
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. ☆3,051 · Feb 24, 2026 · Updated last week
- Investigate malicious Windows logons by visualizing and analyzing Windows event logs ☆3,137 · Oct 19, 2025 · Updated 4 months ago
- Collection of Event ID resources useful for Digital Forensics and Incident Response ☆644 · Jun 19, 2024 · Updated last year
- A toolset to make a system look as if it was the victim of an APT attack ☆2,714 · Sep 23, 2025 · Updated 5 months ago
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ) ☆779 · Feb 3, 2023 · Updated 3 years ago
- Defences against Cobalt Strike ☆1,296 · Jul 14, 2022 · Updated 3 years ago
- Malwoverview is a rapid response tool used to gather intelligence information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malsh… ☆3,633 · Mar 1, 2026 · Updated last week
- Interesting APT Report Collection And Some Special IOCs ☆2,929 · Updated this week
- Scan files or process memory for CobaltStrike beacons and parse their configuration ☆922 · Aug 19, 2021 · Updated 4 years ago
- Utilities for Sysmon ☆1,573 · Sep 21, 2025 · Updated 5 months ago
- Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows… ☆2,056 · Dec 11, 2024 · Updated last year
- Open Source EDR for Windows ☆1,297 · Feb 25, 2023 · Updated 3 years ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). ☆803 · Jan 14, 2026 · Updated last month
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e… ☆4,492 · Jan 12, 2026 · Updated last month
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection… ☆864 · Jan 20, 2022 · Updated 4 years ago
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases. ☆612 · Dec 8, 2025 · Updated 3 months ago
- Detect Tactics, Techniques & Combat Threats ☆2,268 · Jan 21, 2026 · Updated last month
- Small and highly portable detection tests based on MITRE's ATT&CK. ☆11,632 · Mar 2, 2026 · Updated last week
- A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365 ☆790 · Oct 29, 2022 · Updated 3 years ago
- Documentation and scripts to properly enable Windows event logs. ☆673 · Oct 3, 2025 · Updated 5 months ago
- Threat Hunting tool about Sysmon and graphs ☆337 · May 28, 2023 · Updated 2 years ago
- Main Sigma Rule Repository ☆10,156 · Mar 2, 2026 · Updated last week
- A repository of sysmon configuration modules ☆2,987 · Aug 21, 2024 · Updated last year
- Automation for internal Windows penetration tests / AD security ☆3,645 · Aug 28, 2025 · Updated 6 months ago
- Loki - Simple IOC and YARA Scanner ☆3,729 · Jan 12, 2026 · Updated last month
- Re-play Security Events ☆1,725 · Mar 20, 2024 · Updated last year
- Hunts out CobaltStrike beacons and logs operator command output ☆950 · Sep 4, 2024 · Updated last year
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders ☆1,061 · Oct 5, 2023 · Updated 2 years ago
- Misc Threat Hunting Resources ☆377 · Jan 26, 2023 · Updated 3 years ago
- An Active Defense and EDR software to empower Blue Teams ☆1,316 · Aug 10, 2023 · Updated 2 years ago
- Digging Deeper.... ☆3,799 · Updated this week
- YARA signature and IOC database for my scanners and tools ☆2,880 · Feb 5, 2026 · Updated last month
- Elastic Security detection content for Endpoint ☆1,382 · Feb 26, 2026 · Updated last week
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK ☆1,078 · Nov 28, 2024 · Updated last year