cgosec / Blauhaunt
A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (where did you come from, where did you go) in security incidents and threat hunts.
☆167, updated 3 months ago
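The "where did you come from, where did you go" question is answered by filtering logon events down to remote logons by real accounts and then chaining them by account and time. The script below is an added example in that spirit, not Blauhaunt's own code: it assumes a flattened record layout (`time`, `host`, `event_id`, `logon_type`, `user`, `domain`, `src_ip`, `src_host`) derived from Windows Security 4624/4625 events, and `EVENTS` is constructed sample data.

```python
"""Filter Windows Security logon events and reconstruct an account's hops.

Added example; not Blauhaunt's code.  The field names are an assumed
flattening of Security 4624/4625 event data, and EVENTS is constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: one workstation (WS01), a file server (FS01), a DC (DC01).
EVENTS = [
    {"time": "2024-05-01T08:00:00", "host": "WS01", "event_id": 4624, "logon_type": 2,
     "user": "alice", "domain": "CORP", "src_ip": "-", "src_host": "WS01"},
    {"time": "2024-05-01T08:05:00", "host": "WS01", "event_id": 4624, "logon_type": 5,
     "user": "SYSTEM", "domain": "NT AUTHORITY", "src_ip": "-", "src_host": "-"},
    {"time": "2024-05-01T08:10:00", "host": "FS01", "event_id": 4624, "logon_type": 3,
     "user": "alice", "domain": "CORP", "src_ip": "10.0.1.20", "src_host": "WS01"},
    {"time": "2024-05-01T08:12:00", "host": "FS01", "event_id": 4624, "logon_type": 3,
     "user": "WS01$", "domain": "CORP", "src_ip": "10.0.1.20", "src_host": "WS01"},
    {"time": "2024-05-01T08:30:00", "host": "DC01", "event_id": 4624, "logon_type": 10,
     "user": "alice", "domain": "CORP", "src_ip": "10.0.1.50", "src_host": "FS01"},
    {"time": "2024-05-01T08:31:00", "host": "DC01", "event_id": 4625, "logon_type": 3,
     "user": "alice", "domain": "CORP", "src_ip": "10.0.1.50", "src_host": "FS01"},
    {"time": "2024-05-01T09:00:00", "host": "DC01", "event_id": 4624, "logon_type": 3,
     "user": "ANONYMOUS LOGON", "domain": "NT AUTHORITY", "src_ip": "10.0.1.9", "src_host": "-"},
]

NOISE_USERS = {"SYSTEM", "ANONYMOUS LOGON", "LOCAL SERVICE", "NETWORK SERVICE"}
REMOTE_LOGON_TYPES = {3, 10}          # Network and RemoteInteractive (RDP)
LOCAL_SOURCES = {"-", "127.0.0.1", "::1"}


def is_remote_logon(ev):
    """True for successful (4624) remote logons by non-machine, non-service accounts."""
    if ev["event_id"] != 4624 or ev["logon_type"] not in REMOTE_LOGON_TYPES:
        return False
    if ev["user"].endswith("$") or ev["user"].upper() in NOISE_USERS:
        return False
    return ev["src_ip"] not in LOCAL_SOURCES


def _origin(ev):
    """Prefer the source workstation name; fall back to the source IP."""
    return ev["src_host"] if ev["src_host"] != "-" else ev["src_ip"]


def hops_for_account(events, user, domain=None):
    """Chronological (origin, destination, logon_type) triples for one account."""
    sel = [e for e in events
           if is_remote_logon(e) and e["user"].lower() == user.lower()
           and (domain is None or e["domain"].lower() == domain.lower())]
    sel.sort(key=lambda e: datetime.fromisoformat(e["time"]))
    return [(_origin(e), e["host"], e["logon_type"]) for e in sel]


def trail(hops):
    """Render hops as a path, joining consecutive hops that chain end-to-end."""
    path = []
    for src, dst, _ in hops:
        if not path or path[-1] != src:
            path.append(src)
        path.append(dst)
    return " -> ".join(path)


def came_from(events, host):
    """Where did remote sessions on `host` originate?  -> {origin: {users}}"""
    out = defaultdict(set)
    for e in events:
        if is_remote_logon(e) and e["host"] == host:
            out[_origin(e)].add(e["user"])
    return dict(out)


def went_to(events, host):
    """Which hosts were reached from `host`?  -> {destination: {users}}"""
    out = defaultdict(set)
    for e in events:
        if is_remote_logon(e) and e["src_host"] == host:
            out[e["host"]].add(e["user"])
    return dict(out)


if __name__ == "__main__":
    hops = hops_for_account(EVENTS, "alice", "CORP")
    print("alice:", trail(hops))                     # WS01 -> FS01 -> DC01
    print("DC01 came from:", came_from(EVENTS, "DC01"))
    print("WS01 went to:", went_to(EVENTS, "WS01"))
```

The filter drops the cases that otherwise flood a logon timeline: interactive and service logons (types 2 and 5), machine accounts (`WS01$`), `ANONYMOUS LOGON`, failed logons (4625), and loopback sources. In real data the same filter is applied before visualizing, and the `src_host`/`src_ip` fallback matters because the Workstation Name field is frequently empty for network logons.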
Alternatives and similar repositories for Blauhaunt:
Users that are interested in Blauhaunt are comparing it to the libraries listed below
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und… (☆118, updated 10 months ago)
- God Mode Detection Rules (☆134, updated 6 months ago)
- Mapping of open-source detection rules and atomic tests. (☆123, updated 3 weeks ago)
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… (☆145, updated 4 months ago)
- Active C&C Detector (☆152, updated last year)
- LotL RMM (☆124, updated 3 weeks ago)
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… (☆248, updated last year)
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… (☆117, updated 3 weeks ago)
- Canary Detection (☆164, updated 10 months ago)
- An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed. (☆182, updated 7 months ago)
- A repository to share publicly available Velociraptor detection content (☆126, updated this week)
- A collection of CVEs weaponized by ransomware operators (☆104, updated last month)
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. (☆151, updated 8 months ago)
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on (☆81, updated 9 months ago)
- TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and … (☆243, updated 3 weeks ago)
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… (☆85, updated last year)
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file (☆82, updated last week)
- An open-source Sigma conversion tool built using pySigma (☆115, updated last month)
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi… (☆101, updated 4 months ago)
- A list of RMMs designed to be used in automation to build alerts (☆108, updated 3 months ago)
- VeilTransfer is a data exfiltration utility designed to test and enhance detection capabilities. This tool simulates real-world data … (☆112, updated this week)
- An ADCS honeypot to catch attackers in your internal network. (☆278, updated 7 months ago)
- https://lolad-project.github.io/ (☆71, updated last month)
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation (☆74, updated 3 weeks ago)
- Automating EDR testing with reference to MITRE ATT&CK via Cobalt Strike [Purple Team]. (☆147, updated last year)
- CarbonBlack EDR detection rules and response actions (☆71, updated 5 months ago)
- PowerShell script designed to help incident responders collect forensic evidence from local and remote Windows devices. (☆98, updated 5 months ago)