cgosec / Blauhaunt
A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (Where did you come from, where did you go) in Security Incidents and Threat Hunts
☆180 · Updated 8 months ago
Alternatives and similar repositories for Blauhaunt
Users that are interested in Blauhaunt are comparing it to the libraries listed below
- God Mode Detection Rules ☆135 · Updated last year
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆126 · Updated last year
- A repository to share publicly available Velociraptor detection content ☆194 · Updated this week
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… ☆151 · Updated last year
- Active C&C Detector ☆155 · Updated 2 years ago
- A list of RMMs designed to be used in automation to build alerts ☆117 · Updated 2 months ago
- A collection of CVEs weaponized by ransomware operators ☆129 · Updated 3 months ago
- Mapping of open-source detection rules and atomic tests. ☆193 · Updated last year
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆162 · Updated 9 months ago
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… ☆143 · Updated last month
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… ☆258 · Updated 2 years ago
- VirtualGHOST Detection Tool ☆104 · Updated last month
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆165 · Updated last month
- (no description) ☆74 · Updated 2 weeks ago
- 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections. ☆82 · Updated 9 months ago
- MITRE ATT&CK mapped queries for SentinelOne Deep Visibility ☆92 · Updated 5 years ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations ☆102 · Updated 5 months ago
- Your Browser-based EVTX Companion ☆112 · Updated this week
- CarbonBlack EDR detection rules and response actions ☆73 · Updated last year
- Sigma rules to share with the community ☆123 · Updated last year
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene… ☆103 · Updated 3 weeks ago
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆90 · Updated 2 years ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on ☆84 · Updated last year
- Convert Sigma rules to SIEM queries, directly in your browser. ☆108 · Updated last week
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation ☆90 · Updated 3 months ago
- Full of public notes and utilities ☆130 · Updated 3 weeks ago
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up. ☆197 · Updated 2 months ago
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… ☆110 · Updated last year
- The GitHub project for The Defender's Guide by Luke Paine and Jonathan Johnson ☆159 · Updated 2 years ago
- Parses USB connection artifacts from offline Registry hives ☆106 · Updated 7 months ago