A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners
☆117Oct 29, 2024Updated last year
Alternatives and similar repositories for The-CTI-Research-Guide
Users that are interested in The-CTI-Research-Guide are comparing it to the libraries listed below
Sorting:
- An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.☆202Jul 3, 2024Updated last year
- A collection of papers, blogs, and resources that make up the quintessential aspects of cyber threat intelligence☆706Apr 21, 2025Updated 10 months ago
- The Threat Actor Profile Guide for CTI Analysts☆116Jul 15, 2023Updated 2 years ago
- Advanced Threat Hunting: Ransomware Group☆29Jul 9, 2025Updated 7 months ago
- 🐻❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets.☆14May 22, 2024Updated last year
- A package to create HTML MISP reports, including volume of trending events and attributes, evens received from key organisations and targ…☆11Aug 14, 2025Updated 6 months ago
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.☆53Oct 23, 2024Updated last year
- Cyber threat intelligence tool suite.☆42Apr 3, 2025Updated 11 months ago
- CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable repor…☆282Mar 20, 2025Updated 11 months ago
- A curated list of Awesome Threat Intelligence Blogs�☆506Feb 16, 2026Updated 2 weeks ago
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements☆127Dec 5, 2023Updated 2 years ago
- Live Feed of C2 servers, tools, and botnets☆751Updated this week
- A collection of CVEs weaponized by ransomware operators☆129Oct 13, 2025Updated 4 months ago
- Turn any blog into structured threat intelligence.☆52Feb 27, 2026Updated last week
- A resource containing all the tools each ransomware gangs uses☆1,332Dec 24, 2025Updated 2 months ago
- Get started using Synapse Open-Source to start a Cortex and perform analysis within your area of expertise.☆50May 16, 2022Updated 3 years ago
- Awesome list of keywords and artifacts for Threat Hunting sessions☆641Aug 4, 2025Updated 7 months ago
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters …☆302Feb 27, 2026Updated last week
- Repository for scripts and tips for "Yara Scan Service"☆20Feb 19, 2023Updated 3 years ago
- ☆36Jan 11, 2023Updated 3 years ago
- Storage for the IOCs I collect☆11Mar 26, 2025Updated 11 months ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- Open Source Platform for storing, organizing, and searching documents related to cyber threats☆169Nov 10, 2023Updated 2 years ago
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac…☆151Sep 21, 2024Updated last year
- DFIQ is a collection of investigative questions and the approaches for answering them☆300Jan 17, 2025Updated last year
- Repository created to share information about tactics, techniques and procedures used by threat actors. Initially with ransomware groups …☆395Jan 29, 2026Updated last month
- A collection of companies that disclose adversary TTPs after they have been breached☆289Nov 11, 2025Updated 3 months ago
- Minimal Indicator Storage System☆11Feb 8, 2021Updated 5 years ago
- Extract the Procedures (TTP) from CTI reports☆17Dec 13, 2025Updated 2 months ago
- Script to pull newly-registered domains and check for similarity against a provided word list.☆13Aug 2, 2020Updated 5 years ago
- An introduction to detection engineering☆14Jan 3, 2025Updated last year
- Dictionary of CTI-related acronyms, terms, and jargon☆147Nov 27, 2025Updated 3 months ago
- Documentation and scripts to properly enable Windows event logs.☆672Oct 3, 2025Updated 5 months ago
- KQL Queries. Microsoft Defender, Microsoft Sentinel☆832Updated this week
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆90Sep 16, 2023Updated 2 years ago
- AIL framework - Analysis Information Leak framework☆885Updated this week
- A collection of various SIEM rules relating to malware family groups.☆70Jun 18, 2024Updated last year
- A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ...☆141Nov 19, 2023Updated 2 years ago
- A visualized overview of the Initial Access Broker (IAB) cybercrime landscape☆117Oct 22, 2021Updated 4 years ago