cgosec / Blauhaunt
A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (where did you come from, where did you go?) in security incidents and threat hunts.
☆167 · Updated 3 weeks ago
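The "where did you come from, where did you go" question is answered by correlating logon events per account into source-to-destination hops. As an added example that is not Blauhaunt's own code, the Python script below takes a few constructed records in the shape of Windows Security Event ID 4624, keeps only remote logons by real accounts (dropping local, service and machine-account logons), builds a time-ordered chain of hops per account, and flags hosts that were landed on and later used as the source of another remote logon. The field names are the real 4624 EventData names; the hosts, IPs, accounts and timestamps are made up for the example.

```python
"""Correlate Windows logon events (Event ID 4624) into per-account movement chains.

Added example, not part of Blauhaunt. Field names follow the 4624 EventData
schema; all hosts, IPs, accounts and times below are constructed.
"""
from collections import defaultdict
from datetime import datetime
import json

# Constructed sample: one JSON object per line, as an exporter might emit them.
SAMPLE_EVENTS = """\
{"TimeCreated":"2024-03-01T08:00:00Z","Computer":"WS01.corp.local","EventID":4624,"LogonType":2,"TargetUserName":"alice","TargetDomainName":"CORP","IpAddress":"-","WorkstationName":"WS01"}
{"TimeCreated":"2024-03-01T08:05:00Z","Computer":"FS01.corp.local","EventID":4624,"LogonType":3,"TargetUserName":"alice","TargetDomainName":"CORP","IpAddress":"10.0.1.15","WorkstationName":"WS01"}
{"TimeCreated":"2024-03-01T08:20:00Z","Computer":"FS01.corp.local","EventID":4624,"LogonType":10,"TargetUserName":"svc_backup","TargetDomainName":"CORP","IpAddress":"10.0.1.15","WorkstationName":"WS01"}
{"TimeCreated":"2024-03-01T08:31:00Z","Computer":"DC01.corp.local","EventID":4624,"LogonType":3,"TargetUserName":"svc_backup","TargetDomainName":"CORP","IpAddress":"10.0.2.5","WorkstationName":"FS01"}
{"TimeCreated":"2024-03-01T08:32:00Z","Computer":"DC01.corp.local","EventID":4624,"LogonType":5,"TargetUserName":"SYSTEM","TargetDomainName":"NT AUTHORITY","IpAddress":"-","WorkstationName":"-"}
{"TimeCreated":"2024-03-01T08:45:00Z","Computer":"DC01.corp.local","EventID":4624,"LogonType":3,"TargetUserName":"DC01$","TargetDomainName":"CORP","IpAddress":"10.0.3.1","WorkstationName":"DC01"}
"""

# Network (3) and RemoteInteractive/RDP (10) logons imply movement between hosts;
# interactive (2), service (5) and unlock (7) logons are local and only add noise here.
REMOTE_LOGON_TYPES = {3, 10}


def parse_events(text):
    """Parse JSON lines and return the events sorted by creation time."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["_ts"] = datetime.fromisoformat(e["TimeCreated"].replace("Z", "+00:00"))
    return sorted(events, key=lambda e: e["_ts"])


def is_remote_user_logon(e):
    """Keep remote logons by real accounts; drop machine accounts (name$) and NT AUTHORITY."""
    user = e["TargetUserName"]
    return (e["EventID"] == 4624
            and e["LogonType"] in REMOTE_LOGON_TYPES
            and not user.endswith("$")
            and e["TargetDomainName"].upper() != "NT AUTHORITY")


def short_host(fqdn):
    return fqdn.split(".")[0].upper()


def build_chains(events):
    """Map each account to its ordered list of (timestamp, source, destination, logon_type) hops."""
    chains = defaultdict(list)
    for e in events:
        if not is_remote_user_logon(e):
            continue
        # WorkstationName is supplied by the client and may be blank (common for Kerberos
        # network logons) or spoofed; fall back to the IP the logon actually came from.
        src = e["WorkstationName"].upper() if e["WorkstationName"] not in ("-", "") else e["IpAddress"]
        dst = short_host(e["Computer"])
        account = f'{e["TargetDomainName"]}\\{e["TargetUserName"]}'
        chains[account].append((e["_ts"], src, dst, e["LogonType"]))
    return dict(chains)


def find_pivots(chains):
    """Hosts that were reached remotely and later appear as the source of another remote logon."""
    arrivals = {}  # host -> earliest time any account landed on it remotely
    for hops in chains.values():
        for ts, _src, dst, _lt in hops:
            arrivals[dst] = min(ts, arrivals.get(dst, ts))
    pivots = set()
    for hops in chains.values():
        for ts, src, _dst, _lt in hops:
            if src in arrivals and arrivals[src] < ts:
                pivots.add(src)
    return sorted(pivots)


if __name__ == "__main__":
    chains = build_chains(parse_events(SAMPLE_EVENTS))
    for account, hops in chains.items():
        path = " -> ".join([hops[0][1]] + [dst for _, _, dst, _ in hops])
        print(f"{account}: {path}")
    print("pivot hosts:", find_pivots(chains))
```

On the constructed input this yields `CORP\alice: WS01 -> FS01`, `CORP\svc_backup: WS01 -> FS01 -> DC01` and flags FS01 as a pivot host, because svc_backup arrived on FS01 over RDP and then moved on to DC01 from it. On real data the same logic needs the logon type filter tuned to the environment (type 3 is also produced by ordinary file-share and printer traffic), and WorkstationName should be treated as untrusted, since the client sets it.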
Alternatives and similar repositories for Blauhaunt:
Users interested in Blauhaunt are comparing it to the repositories listed below.
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆118 · Updated 11 months ago
- God Mode Detection Rules ☆134 · Updated 7 months ago
- Mapping of open-source detection rules and atomic tests. ☆155 · Updated 2 months ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… ☆249 · Updated last year
- Active C&C Detector ☆152 · Updated last year
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… ☆147 · Updated 6 months ago
- A repository to share publicly available Velociraptor detection content ☆137 · Updated this week
- A really good DFIR automation for collecting and analyzing evidence, designed for cybersecurity professionals. ☆153 · Updated 10 months ago
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… ☆121 · Updated last month
- LotL RMM ☆149 · Updated this week
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up. ☆192 · Updated 2 months ago
- Canary Detection ☆164 · Updated 11 months ago
- PowerShell script designed to help incident responders collect forensic evidence from local and remote Windows devices. ☆100 · Updated 6 months ago
- VeilTransfer is a data exfiltration utility designed to test and enhance detection capabilities. This tool simulates real-world data … ☆127 · Updated last month
- TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and … ☆258 · Updated last month
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on ☆81 · Updated 10 months ago
- A collection of CVEs weaponized by ransomware operators ☆111 · Updated this week
- CarbonBlack EDR detection rules and response actions ☆71 · Updated 6 months ago
- Sigma rules to share with the community ☆119 · Updated last month
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation ☆76 · Updated 2 weeks ago
- An automated Breach and Attack Simulation lab with Terraform. Built for IaC stability, consistency, and speed. ☆183 · Updated 8 months ago
- Convert a variety of log formats to CSV while enriching detected IPs with geolocation, ASN, DNS, WhoIs, Shodan InternetDB and threat indi… ☆101 · Updated 5 months ago
- ☆74 · Updated this week
- Harness the power of Splunk for your investigations ☆92 · Updated this week
- An open-source Sigma conversion tool built using pySigma ☆121 · Updated 3 months ago
- A list of RMMs designed to be used in automation to build alerts ☆109 · Updated 3 weeks ago
- MISP Playbooks ☆188 · Updated last month
- Automating EDR testing with reference to MITRE ATT&CK via Cobalt Strike [Purple Team]. ☆149 · Updated last year
- A Jupyter notebook to assist with the analysis of the output generated from the Volatility memory extraction framework. ☆94 · Updated last year