cgosec / Blauhaunt
A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (where did you come from, where did you go) in security incidents and threat hunts.
☆170, updated this week
Alternatives and similar repositories for Blauhaunt
Users that are interested in Blauhaunt are comparing it to the repositories listed below.
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… (☆124, updated last year)
- A repository to share publicly available Velociraptor detection content (☆170, updated this week)
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… (☆251, updated last year)
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. (☆155, updated last month)
- Active C&C Detector (☆154, updated last year)
- Mapping of open-source detection rules and atomic tests. (☆165, updated 4 months ago)
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… (☆150, updated 8 months ago)
- God Mode Detection Rules (☆134, updated 9 months ago)
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. (☆120, updated last week)
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates… (☆64, updated last month)
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… (☆105, updated 7 months ago)
- An opensource sigma conversion tool built using pysigma (☆129, updated 5 months ago)
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation (☆81, updated 2 weeks ago)
- Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports (☆118, updated this week)
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… (☆123, updated 4 months ago)
- Sigma rules to share with the community (☆122, updated 4 months ago)
- CarbonBlack EDR detection rules and response actions (☆71, updated 8 months ago)
- A collection of CVEs weaponized by ransomware operators (☆115, updated this week)
- Repository for sharing examples of our artifacts data and for use in new analyst recruitment. (☆99, updated last month)
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on (☆82, updated last year)
- Convert Sigma rules to SIEM queries, directly in your browser. (☆81, updated last week)
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up. (☆195, updated 4 months ago)
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… (☆88, updated last year)
- VirtualGHOST Detection Tool (☆91, updated last year)
- LotL RMM (☆196, updated last week)
- VeilTransfer is a data exfiltration utility designed to test and enhance detection capabilities. This tool simulates real-world data … (☆138, updated 3 months ago)
- Finding ClickFix and FakeCAPTCHA like it's 1999 (☆38, updated this week)
- An open-source self-hosted purple team management web application. (☆271, updated 3 weeks ago)
- TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and … (☆280, updated 4 months ago)
- PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices. (☆102, updated 9 months ago)