beahunt3r / Windows-HuntingLinks
☆351Updated 4 years ago
Alternatives and similar repositories for Windows-Hunting
Users that are interested in Windows-Hunting are comparing it to the libraries listed below
Sorting:
- A PowerShell script to interact with the MITRE ATT&CK Framework via its own API☆369Updated 6 years ago
- Test Blue Team detections without running any attack.☆271Updated last year
- Searches For Threat Hunting and Security Analytics☆241Updated 4 months ago
- Automated, Collection, and Enrichment Platform☆325Updated 5 years ago
- Powershell Threat Hunting Module☆285Updated 8 years ago
- Python script to decode common encoded PowerShell scripts☆216Updated 7 years ago
- Automated Tactics Techniques & Procedures☆256Updated 2 years ago
- Log newly created WMI consumers and processes to the Windows Application event log☆124Updated 7 years ago
- Sysmon Tools for PowerShell☆230Updated 7 years ago
- Some PowerShell Stuff☆281Updated 3 years ago
- ☆278Updated 2 years ago
- PowerShell No Agent Hunting☆110Updated 7 years ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…☆180Updated 4 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆166Updated 6 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆220Updated 5 years ago
- A repo containing tools developed by Carbon Black's Threat Research Team: Threat Analysis Unit☆236Updated 4 years ago
- A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.☆172Updated 6 months ago
- Detecting Lateral Movement with Machine Learning☆138Updated 7 years ago
- Theat hunting notes in flat file format and mapped to MITRE's ATT&CK IDs☆42Updated 6 years ago
- ☆282Updated 7 years ago
- IR-Tools - PowerShell tools for IR☆130Updated 8 years ago
- Tool Analysis Result Sheet☆356Updated 7 years ago
- ☆303Updated 5 years ago
- Collecting & Hunting for IOCs with gusto and style☆241Updated 4 years ago
- A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework☆352Updated 4 years ago
- Query and report user logons relations from MS Windows Security Events☆243Updated 7 years ago
- Reconstruct process trees from event logs☆147Updated 5 years ago
- All materials from our Black Hat 2018 "Subverting Sysmon" talk☆135Updated 7 years ago
- Data from a BRAWL Automated Adversary Emulation Exercise☆210Updated 4 years ago
- A MITRE Caldera plugin written in Python 3 used to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files…☆73Updated 3 years ago