cgosec / Blauhaunt
A tool collection for filtering and visualizing logon events, designed to help answer the "Cotton Eye Joe" question (where did you come from, where did you go?) in security incidents and threat hunts.
☆171, updated 3 weeks ago
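As an added illustration of the question the tool is built to answer (example code written for this page, not Blauhaunt's own code): filter Windows Security 4624 logon records down to remote logons by real accounts, reconstruct each account's host-to-host path, and flag hosts where one logon lands and another leaves shortly afterwards. The field names follow the 4624 event (TargetUserName, IpAddress, LogonType, Computer); the sample records and the IP-to-hostname map are constructed for the example.

```python
"""Reconstruct "where did you come from, where did you go" from logon events.

Example code for this page, not Blauhaunt's own. Field names follow the
Windows Security event 4624 (TargetUserName, IpAddress, LogonType, Computer);
the records below are already flattened from EVTX XML into dicts and are
constructed sample data, as is the IP-to-hostname map.
"""
from datetime import datetime, timedelta

# Constructed sample: five 4624 (successful logon) records, UTC timestamps.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T08:00:00", "Computer": "WS01",
     "TargetUserName": "alice", "IpAddress": "10.0.0.5", "LogonType": "2"},
    {"time": "2024-05-01T08:15:00", "Computer": "FS01",
     "TargetUserName": "alice", "IpAddress": "10.0.0.21", "LogonType": "3"},
    {"time": "2024-05-01T08:20:00", "Computer": "DC01",
     "TargetUserName": "svc_backup", "IpAddress": "10.0.0.30", "LogonType": "3"},
    {"time": "2024-05-01T08:40:00", "Computer": "SRV02",
     "TargetUserName": "alice", "IpAddress": "10.0.0.30", "LogonType": "10"},
    {"time": "2024-05-01T09:00:00", "Computer": "WS01",
     "TargetUserName": "SYSTEM", "IpAddress": "-", "LogonType": "5"},
]
# Constructed: which host owned each source IP at the time (DHCP leases or
# asset inventory would supply this in a real investigation).
HOST_BY_IP = {"10.0.0.21": "WS01", "10.0.0.30": "FS01"}

REMOTE_LOGON_TYPES = {"3", "10"}  # 3 = network (SMB/WMI/WinRM), 10 = RemoteInteractive (RDP)
LOCAL_SOURCES = {"-", "", "127.0.0.1", "::1"}
NOISE_ACCOUNTS = {"SYSTEM", "ANONYMOUS LOGON", "LOCAL SERVICE", "NETWORK SERVICE"}


def is_remote_user_logon(ev):
    """Keep only network/RDP logons by real accounts; drop local, machine and service noise."""
    user = ev["TargetUserName"]
    if user.endswith("$") or user.upper() in NOISE_ACCOUNTS:
        return False
    if ev["LogonType"] not in REMOTE_LOGON_TYPES:
        return False
    return ev["IpAddress"] not in LOCAL_SOURCES


def build_hops(events, host_by_ip):
    """Turn 4624 records into time-ordered (time, user, src_host, dst_host) hops."""
    hops = []
    for ev in events:
        if not is_remote_user_logon(ev):
            continue
        # An unresolved source IP is kept verbatim so the hop is not silently lost.
        src = host_by_ip.get(ev["IpAddress"], ev["IpAddress"])
        hops.append((datetime.fromisoformat(ev["time"]), ev["TargetUserName"], src, ev["Computer"]))
    hops.sort()
    return hops


def path_for(hops, user):
    """Hosts one account touched, in order of arrival ("where did you go")."""
    path = []
    for _, u, src, dst in hops:
        if u != user:
            continue
        if not path or path[-1] != src:
            path.append(src)  # chain does not join up: start a new segment at the observed source
        path.append(dst)
    return path


def find_pivots(hops, window_minutes):
    """Hosts where a logon lands and another logon leaves within the window.

    Returns (arriving_user, pivot_host, departing_user, next_host) tuples,
    i.e. lateral-movement candidates to triage.
    """
    window = timedelta(minutes=window_minutes)
    pivots = []
    for i, (t_in, u_in, _, landed) in enumerate(hops):
        for t_out, u_out, src, dst in hops[i + 1:]:
            if t_out - t_in > window:
                break  # hops are sorted, so nothing later can be inside the window
            if src == landed:
                pivots.append((u_in, landed, u_out, dst))
    return pivots


if __name__ == "__main__":
    hops = build_hops(SAMPLE_EVENTS, HOST_BY_IP)
    for user in sorted({h[1] for h in hops}):
        print(user, "->".join(" " + h + " " for h in path_for(hops, user)))
    for arriving, host, departing, nxt in find_pivots(hops, 30):
        print(f"pivot on {host}: {arriving} arrived, then {departing} went to {nxt}")
```

On the constructed sample, alice's path is WS01 to FS01 to SRV02, and FS01 is flagged as a pivot twice: svc_backup logs on to DC01 from it five minutes after alice arrives, and alice herself RDPs onward from it. Two caveats for real data: 4624 alone misses failed attempts (4625) and explicit-credential logons (4648), which the same filter shape can be extended to, and the IP-to-host mapping must be time-aware, since a DHCP address can belong to a different machine an hour later.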
Alternatives and similar repositories for Blauhaunt
Users interested in Blauhaunt are comparing it to the repositories listed below.
- A repository to share publicly available Velociraptor detection content (☆173, updated last week)
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… (☆252, updated last year)
- Mapping of open-source detection rules and atomic tests. (☆168, updated 5 months ago)
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… (☆124, updated last year)
- Active C&C Detector (☆154, updated last year)
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… (☆151, updated 9 months ago)
- God Mode Detection Rules (☆134, updated 10 months ago)
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates… (☆64, updated this week)
- Sigma rules to share with the community (☆122, updated 4 months ago)
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. (☆129, updated this week)
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… (☆123, updated 4 months ago)
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca… (☆297, updated 3 months ago)
- Purpleteam scripts simulation & Detection - trigger events for SOC detections (☆185, updated 6 months ago)
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. (☆155, updated 2 months ago)
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on (☆82, updated last year)
- Project based on RegRipper, to extract additional value/pivot points from a TLN events file (☆85, updated 4 months ago)
- A Jupyter notebook to assist with the analysis of the output generated from the Volatility memory extraction framework. (☆95, updated 2 years ago)
- Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports (☆120, updated this week)
- An opensource sigma conversion tool built using pysigma (☆130, updated last week)
- CarbonBlack EDR detection rules and response actions (☆71, updated 9 months ago)
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… (☆88, updated last year)
- A collection of CVEs weaponized by ransomware operators (☆116, updated 2 weeks ago)
- Convert Sigma rules to SIEM queries, directly in your browser. (☆89, updated this week)
- Repository of attack and defensive information for Business Email Compromise investigations (☆256, updated last month)
- LotL RMM (☆208, updated this week)
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations (☆89, updated 10 months ago)
- An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed. (☆191, updated 11 months ago)
- ☆99, updated 3 months ago
- Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team]. (☆153, updated 2 years ago)
- ☆74, updated 2 weeks ago