cgosec / Blauhaunt
A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question ("Where did you come from, where did you go?") in security incidents and threat hunts.
☆167, updated 2 weeks ago
Alternatives and similar repositories for Blauhaunt:
Users that are interested in Blauhaunt are comparing it to the libraries listed below
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… (☆118, updated 11 months ago)
- Active C&C Detector (☆152, updated last year)
- God Mode Detection Rules (☆134, updated 7 months ago)
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… (☆249, updated last year)
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. (☆153, updated 9 months ago)
- Mapping of open-source detection rules and atomic tests. (☆154, updated last month)
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… (☆120, updated last month)
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… (☆147, updated 5 months ago)
- LotL RMM (☆144, updated this week)
- An open-source Sigma conversion tool built using pySigma (☆119, updated 2 months ago)
- A repository to share publicly available Velociraptor detection content (☆136, updated this week)
- Sigma rules to share with the community (☆119, updated last month)
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation (☆76, updated last week)
- A collection of CVEs weaponized by ransomware operators (☆108, updated 2 months ago)
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners (☆82, updated 4 months ago)
- Purple team scripts for simulation & detection: trigger events for SOC detections (☆181, updated 2 months ago)
- Project based on RegRipper, to extract additional value/pivot points from a TLN events file (☆84, updated last month)
- CarbonBlack EDR detection rules and response actions (☆71, updated 6 months ago)
- ☆74, updated this week
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on (☆81, updated 10 months ago)
- Canary Detection (☆164, updated 11 months ago)
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… (☆101, updated 5 months ago)
- Raw data from Threat Intelligence Reports with automatic report collection and keyword search across thousands of reports (☆97, updated this week)
- ☆196, updated last month
- ShellSweeping the evil. (☆163, updated 3 months ago)
- PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices. (☆100, updated 6 months ago)
- VirtualGHOST Detection Tool (☆90, updated 9 months ago)
- TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and … (☆259, updated last month)
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … (☆189, updated this week)
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up. (☆192, updated 2 months ago)