cgosec / Blauhaunt
A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (where did you come from, where did you go) in security incidents and threat hunts.
☆168 · Updated last month
Alternatives and similar repositories for Blauhaunt:
Users that are interested in Blauhaunt are comparing it to the libraries listed below
- A repository to share publicly available Velociraptor detection content ☆154 · Updated this week
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… ☆121 · Updated last year
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… ☆250 · Updated last year
- Mapping of open-source detection rules and atomic tests. ☆162 · Updated 3 months ago
- Active C&C Detector ☆153 · Updated last year
- God Mode Detection Rules ☆134 · Updated 8 months ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates… ☆63 · Updated 2 weeks ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆154 · Updated last week
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… ☆147 · Updated 6 months ago
- LotL RMM ☆170 · Updated 3 weeks ago
- A list of RMMs designed to be used in automation to build alerts ☆110 · Updated this week
- Sigma rules to share with the community ☆119 · Updated 2 months ago
- A collection of CVEs weaponized by ransomware operators ☆112 · Updated last month
- ☆74 · Updated 3 weeks ago
- CarbonBlack EDR detection rules and response actions ☆71 · Updated 7 months ago
- An open-source Sigma conversion tool built using pySigma ☆123 · Updated 3 months ago
- Project based on RegRipper, to extract additional value/pivot points from TLN events file ☆84 · Updated 2 months ago
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca… ☆284 · Updated last month
- Canary Detection ☆167 · Updated last year
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆88 · Updated last year
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… ☆123 · Updated 2 months ago
- Repository for sharing examples of our artifacts data and for use in new analyst recruitment. ☆90 · Updated this week
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation ☆78 · Updated last week
- When good OAuth apps go rogue. Documents observed OAuth application tradecraft ☆75 · Updated 2 weeks ago
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up. ☆193 · Updated 3 months ago
- Convert Sigma rules to SIEM queries, directly in your browser. ☆74 · Updated last week
- Monitor your PingCastle scans to highlight the rule diff between two scans ☆111 · Updated 8 months ago
- Full of public notes and utilities ☆98 · Updated 2 months ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations ☆85 · Updated 8 months ago
- VeilTransfer is a data exfiltration utility designed to test and enhance detection capabilities. This tool simulates real-world data … ☆136 · Updated last month