cgosec / Blauhaunt
A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (where did you come from, where did you go) in security incidents and threat hunts.
☆177 · Updated 4 months ago
Alternatives and similar repositories for Blauhaunt
Users that are interested in Blauhaunt are comparing it to the libraries listed below
- A repository to share publicly available Velociraptor detection content ☆186 · Updated this week
- Mapping of open-source detection rules and atomic tests. ☆177 · Updated 8 months ago
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… ☆150 · Updated last year
- God Mode Detection Rules ☆134 · Updated last year
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆125 · Updated last year
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆157 · Updated 5 months ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… ☆256 · Updated last year
- Active C&C Detector ☆156 · Updated last year
- A list of RMMs designed to be used in automation to build alerts ☆113 · Updated 5 months ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene… ☆88 · Updated 3 weeks ago
- VirtualGHOST Detection Tool ☆92 · Updated last year
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆149 · Updated 2 weeks ago
- ☆74 · Updated last week
- A collection of CVEs weaponized by ransomware operators ☆125 · Updated last month
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. ☆49 · Updated 5 months ago
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… ☆132 · Updated 8 months ago
- 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections. ☆78 · Updated 5 months ago
- Finding ClickFix and FakeCAPTCHA like it's 1999 ☆61 · Updated last week
- CarbonBlack EDR detection rules and response actions ☆72 · Updated last year
- An index of publicly available and open-source threat detection rulesets. ☆125 · Updated 5 months ago
- LotL RMM ☆247 · Updated last week
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up. ☆197 · Updated last month
- The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform. ☆24 · Updated last month
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on ☆83 · Updated last year
- ☆116 · Updated 4 months ago
- Convert Sigma rules to SIEM queries, directly in your browser. ☆95 · Updated last week
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… ☆109 · Updated 11 months ago
- Repository for sharing examples of our artifacts data and for use in new analyst recruitment. ☆107 · Updated 5 months ago
- MITRE ATT&CK mapped queries for SentinelOne Deep Visibility ☆92 · Updated 4 years ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations ☆96 · Updated last month