Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or mitigating potential damage to the organization.
☆90Sep 16, 2023Updated 2 years ago
Alternatives and similar repositories for AIMOD2
Users that are interested in AIMOD2 are comparing it to the libraries listed below
Sorting:
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Feb 6, 2025Updated last year
- Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.☆17Feb 1, 2021Updated 5 years ago
- Forensics scripts aimed at automating & enhancing the Forensics Legend Eric Zimmerman's techniques, integrating the statistical detection…☆18Sep 7, 2023Updated 2 years ago
- Cmdlets for capturing Windows Events☆14Mar 11, 2022Updated 3 years ago
- Execute embedded Mimikatz☆13Nov 24, 2021Updated 4 years ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.☆162Apr 6, 2025Updated 10 months ago
- Converts Sigma detection rules to a Splunk alert configuration.☆12Jul 1, 2021Updated 4 years ago
- IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&…☆374Dec 9, 2022Updated 3 years ago
- Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)☆24Mar 3, 2023Updated 3 years ago
- AI-Powered, Local Pythonic Coding Agent 🐞💻☆24Mar 3, 2025Updated last year
- ☆15Jan 9, 2026Updated last month
- A repository of my own Sigma detection rules.☆163Nov 25, 2025Updated 3 months ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆208Jul 21, 2022Updated 3 years ago
- ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.☆40Oct 30, 2024Updated last year
- General Content☆25Dec 23, 2025Updated 2 months ago
- ☆34Jun 13, 2023Updated 2 years ago
- A repository to share publicly available Velociraptor detection content☆196Updated this week
- Notes on responding to security breaches relating to Azure AD☆121Mar 14, 2022Updated 3 years ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders☆1,059Oct 5, 2023Updated 2 years ago
- The Intelligent Process Lifecycle of Active Cyber Defenders☆33Jan 1, 2023Updated 3 years ago
- Registry timestamp manipulation☆17Feb 26, 2014Updated 12 years ago
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…☆17Mar 10, 2023Updated 2 years ago
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.☆53Oct 23, 2024Updated last year
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆97May 28, 2023Updated 2 years ago
- BlackBerry Threat Research & Intelligence☆100Oct 20, 2023Updated 2 years ago
- Detection Engineering Tools☆25Feb 26, 2026Updated last week
- A knowledge base of actionable Incident Response techniques☆662May 31, 2022Updated 3 years ago
- Extract C2 Traffic☆253Nov 25, 2024Updated last year
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆804Jan 14, 2026Updated last month
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners☆117Oct 29, 2024Updated last year
- Various snippets created during malware analysis☆22Apr 29, 2018Updated 7 years ago
- Detect Tactics, Techniques & Combat Threats☆2,264Jan 21, 2026Updated last month
- This tool parses Windows EVTX logs to extract login and logout sessions from a security.evtx file. It uses a Tkinter GUI to let you selec…☆31Feb 22, 2025Updated last year
- ☆225Sep 8, 2022Updated 3 years ago
- A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365☆790Oct 29, 2022Updated 3 years ago
- A collection of dashboards, templates, API's and Power BI code for vulnerability management and analysis☆24Feb 2, 2025Updated last year
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…☆21Oct 25, 2023Updated 2 years ago
- Repository of public reference frameworks for the DFIR community.☆122Jul 4, 2023Updated 2 years ago
- The Threat Actor Profile Guide for CTI Analysts☆116Jul 15, 2023Updated 2 years ago