cgosec / Blauhaunt
A tool collection for filtering and visualizing logon events, designed to help answer the "Cotton Eye Joe" question ("Where did you come from, where did you go?") in security incidents and threat hunts.
☆171 · Updated last month
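The core of the "where did you come from, where did you go" question is a filtered logon graph: keep the Security 4624 events that describe a human moving between hosts, resolve the source IP to a host, and then look at one host's incoming and outgoing edges for one user. The script below is an added example in that spirit; it is not code from the Blauhaunt project. The event records, the IP-to-host inventory, and the noise filters (machine accounts, service/batch logons, well-known system accounts) are constructed assumptions for illustration.

```python
"""Filter Windows Security 4624 logon events and answer, per user and host,
"where did you come from, where did you go".

Added example; not code from the Blauhaunt project. The event records and
the IP-to-host inventory below are constructed for illustration.
"""
from collections import defaultdict

# Constructed sample: EventData fields of Security event 4624 (and one 4625),
# flattened into dicts the way evtx-to-JSON converters emit them.
SAMPLE_EVENTS = [
    {"TimeCreated": "2024-03-01T08:00:00", "Computer": "WS01", "EventID": 4624,
     "LogonType": "2", "TargetUserName": "alice", "TargetDomainName": "CORP",
     "IpAddress": "-"},                                  # console logon
    {"TimeCreated": "2024-03-01T08:05:00", "Computer": "FS01", "EventID": 4624,
     "LogonType": "3", "TargetUserName": "alice", "TargetDomainName": "CORP",
     "IpAddress": "10.0.0.11"},                          # SMB from WS01
    {"TimeCreated": "2024-03-01T08:07:00", "Computer": "SRV02", "EventID": 4624,
     "LogonType": "10", "TargetUserName": "alice", "TargetDomainName": "CORP",
     "IpAddress": "10.0.0.11"},                          # RDP from WS01
    {"TimeCreated": "2024-03-01T08:09:00", "Computer": "DC01", "EventID": 4624,
     "LogonType": "3", "TargetUserName": "alice", "TargetDomainName": "CORP",
     "IpAddress": "10.0.0.22"},                          # network logon from SRV02
    {"TimeCreated": "2024-03-01T08:09:30", "Computer": "DC01", "EventID": 4624,
     "LogonType": "3", "TargetUserName": "SRV02$", "TargetDomainName": "CORP",
     "IpAddress": "10.0.0.22"},                          # machine-account noise
    {"TimeCreated": "2024-03-01T08:10:00", "Computer": "SRV02", "EventID": 4624,
     "LogonType": "5", "TargetUserName": "SYSTEM", "TargetDomainName": "NT AUTHORITY",
     "IpAddress": "-"},                                  # service-logon noise
    {"TimeCreated": "2024-03-01T08:11:00", "Computer": "SRV02", "EventID": 4625,
     "LogonType": "3", "TargetUserName": "alice", "TargetDomainName": "CORP",
     "IpAddress": "10.0.0.99"},                          # failed logon, not 4624
]

# Constructed inventory (assumed DHCP/asset data): source IP -> hostname.
HOST_INVENTORY = {"10.0.0.11": "WS01", "10.0.0.22": "SRV02"}

NOISE_LOGON_TYPES = {"0", "4", "5"}            # system, batch, service
NOISE_ACCOUNTS = {"SYSTEM", "ANONYMOUS LOGON", "LOCAL SERVICE", "NETWORK SERVICE"}
LOCAL_SOURCES = {"-", "", "::1", "127.0.0.1"}


def is_noise(ev):
    """True for events that never describe a person moving between hosts."""
    user = ev["TargetUserName"]
    return (ev["EventID"] != 4624
            or user.endswith("$")                    # machine accounts
            or user.upper() in NOISE_ACCOUNTS
            or ev["LogonType"] in NOISE_LOGON_TYPES)


def source_host(ev, inventory):
    """Resolve IpAddress to a hostname; a local logon originates on the target."""
    ip = ev.get("IpAddress", "-")
    if ip in LOCAL_SOURCES:
        return ev["Computer"]
    return inventory.get(ip, ip)      # keep the raw IP when the inventory has no entry


def logon_edges(events, inventory=HOST_INVENTORY):
    """Return {user: [(time, source_host, target_host, logon_type), ...]} in time order."""
    edges = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if is_noise(ev):
            continue
        user = f'{ev["TargetDomainName"]}\\{ev["TargetUserName"]}'.lower()
        edges[user].append((ev["TimeCreated"], source_host(ev, inventory),
                            ev["Computer"], ev["LogonType"]))
    return dict(edges)


def came_from_went_to(edges, user, host):
    """Answer the question for one user pivoting through one host:
    (hosts the user arrived FROM onto host, hosts the user went TO from host)."""
    hops = edges.get(user, [])
    came_from = sorted({src for _, src, dst, _ in hops if dst == host and src != host})
    went_to = sorted({dst for _, src, dst, _ in hops if src == host and dst != host})
    return came_from, went_to


def to_dot(edges):
    """Graphviz DOT text for the logon graph (render with `dot -Tsvg`)."""
    lines = ["digraph logons {", "  rankdir=LR;"]
    for user, hops in edges.items():
        for t, src, dst, ltype in hops:
            lines.append(f'  "{src}" -> "{dst}" [label="{user} T{ltype} {t[11:16]}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    graph = logon_edges(SAMPLE_EVENTS)
    print(came_from_went_to(graph, "corp\\alice", "SRV02"))   # (['WS01'], ['DC01'])
    print(to_dot(graph))
```

Logon type is carried on each edge because it is what distinguishes an interactive pivot (type 10 RDP, type 2 console) from a network share or WMI touch (type 3); the source IP alone does not tell you which. Without an inventory, unresolved IPs stay as IPs, so a host that appears only as a raw address is itself a finding: the asset data is incomplete for exactly the machine the attacker used.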
Alternatives and similar repositories for Blauhaunt
Users that are interested in Blauhaunt are comparing it to the libraries listed below
- God Mode Detection Rules ☆134 · Updated 11 months ago
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… ☆151 · Updated 9 months ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… ☆252 · Updated last year
- A repository to share publicly available Velociraptor detection content ☆184 · Updated last week
- Mapping of open-source detection rules and atomic tests. ☆169 · Updated 5 months ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆124 · Updated last year
- Active C&C Detector ☆155 · Updated last year
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆134 · Updated this week
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆155 · Updated 3 months ago
- A list of RMMs designed to be used in automation to build alerts ☆111 · Updated 3 months ago
- ☆74 · Updated 2 weeks ago
- A collection of CVEs weaponized by ransomware operators ☆117 · Updated last month
- VirtualGHOST Detection Tool ☆91 · Updated last year
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… ☆126 · Updated 5 months ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene… ☆76 · Updated this week
- Baseline a Windows System against LOLBAS ☆27 · Updated last year
- MITRE ATT&CK mapped queries for SentinelOne Deep Visibility ☆91 · Updated 4 years ago
- Finding ClickFix and FakeCAPTCHA like it's 1999 ☆41 · Updated this week
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on ☆82 · Updated last year
- Canary Detection ☆183 · Updated last month
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… ☆108 · Updated 9 months ago
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up. ☆197 · Updated 2 weeks ago
- The GitHub project for The Defender's Guide by Luke Paine and Jonathan Johnson ☆153 · Updated 2 years ago
- LotL RMM ☆217 · Updated 3 weeks ago
- 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections. ☆76 · Updated 2 months ago
- Convert Sigma rules to SIEM queries, directly in your browser. ☆91 · Updated this week
- Sigma rules to share with the community ☆121 · Updated 5 months ago
- A pySigma wrapper and LangChain toolkit for automatic rule creation/translation ☆81 · Updated last month
- Repository for sharing examples of our artifacts data and for use in new analyst recruitment. ☆101 · Updated 2 months ago
- PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices. ☆102 · Updated 10 months ago