darkoperator / ThreatHunter-Playbook
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns by leveraging Windows Events and Sysmon logs.
☆12Updated 8 years ago
Alternatives and similar repositories for ThreatHunter-Playbook:
Users that are interested in ThreatHunter-Playbook are comparing it to the libraries listed below
- ☆18Updated last year
- RisingSun: Decoding SUNBURST C2 to identify infected hosts without network telemetry.☆10Updated 4 years ago
- Light System Examination Toolkit (LISET) - logs & activity & configuration gathering utility that comes handy in fast Windows incident re…☆29Updated 8 years ago
- Various Python scripts that have come in handy but aren't important enough to get their own repository☆22Updated 4 years ago
- NetRipper - Smart traffic sniffing for penetration testers☆17Updated 9 years ago
- C&C to deliver files and shuttle command execution instructions between an external actor and an internal agent with the help of Firefox …☆38Updated 2 years ago
- The Shodan monitoring tools allows you to monitor shodan listed servers basis on the filter you provided☆33Updated 3 years ago
- PowerShell Memory Pulling script☆19Updated 10 years ago
- Passive recon / OSINT automation script☆40Updated 6 years ago
- Create an incident response triage toolkit for use with Windows or Linux.☆17Updated 4 years ago
- ☆33Updated 2 months ago
- Parses Java Cache IDX files☆39Updated 7 years ago
- Fingerprint a web app using local files as the fingerprint sources☆38Updated 7 years ago
- Gunslinger is used to hunt for Magecart sites using URLScan's API☆31Updated 3 years ago
- MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.☆20Updated 5 years ago
- A simple tool to detect NBT-NS and LLMNR spoofing (and messing with them a bit)☆36Updated 6 years ago
- A collection of scripts that I've written while pentesting.☆31Updated 6 years ago
- Web Filter External Enumeration Tool (WebFEET)☆75Updated 10 years ago
- Collection of scripts and tools that I created to aid in my testing.☆14Updated 3 years ago
- A single repository for any security tools, scripts, documentation, etc. that I add☆12Updated 7 years ago
- ☆30Updated 6 years ago
- This repo is dedicated to all my tricks, tweaks and modules for testing and hunting threats. This repo contains multiple directories whic…☆56Updated 7 years ago
- Six Degrees of Domain Admin☆15Updated 7 years ago
- Search Email Accounts (OWA) for Passwords, PAN numbers as well as other Keywords☆39Updated 7 years ago
- A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.☆14Updated 6 years ago
- Plugins to add funtionality to ProcDOT. http://www.procdot.com☆23Updated last year
- A powershell script that prints a lot of IP and connection info to the screen☆31Updated 8 years ago
- Security Operations Center Multiple Purpose Tool, takes IP address input, conducts OSINT, conducts splunk, bro, fireeye, imperva, and fir…☆21Updated 7 years ago
- Comprehensive Pivoting Framework☆20Updated 8 years ago
- Collection of single use scripts I worte for windows forensics☆27Updated 13 years ago