dfir-ronin / APT-OpenIOC-Detection-Rules
This repository contains OpenIOC rules to aid in hunting for indicators of compromise and TTPs attributed to Advanced Persistent Threat (APT) groups.
☆26, last updated Oct 3, 2023
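An OpenIOC rule is an XML tree of `Indicator` nodes (AND/OR) over `IndicatorItem` leaves, each binding a search term such as `ProcessItem/path` to a condition and a value. The following is an added example, not code from this repository: a minimal evaluator that parses a constructed OpenIOC 1.0 document (the namespace is the real Mandiant 2010 schema; the hash, names and paths are placeholders, not real indicators) and runs it against constructed host records. The one design decision worth noticing is how AND is handled: when every term under an AND refers to the same document type (here `ProcessItem`), the terms must hold on the same object, otherwise a legitimate `svchost.exe` plus an unrelated file in `\Temp\` would fire a false positive. That same-object rule is the semantics assumed here, not something the page states.

```python
"""Evaluate an OpenIOC 1.0 indicator against host observations.

Added example; not code from APT-OpenIOC-Detection-Rules. The IOC and the
host records below are constructed for illustration only.
"""
import re
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}
CTX_TAG = "{%s}Context" % NS["ioc"]

# Constructed sample IOC: placeholder MD5, placeholder process name/path.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001" last-modified="2023-10-03T00:00:00">
  <short_description>Example: svchost masquerading from a Temp directory</short_description>
  <definition>
    <Indicator operator="OR" id="top">
      <IndicatorItem id="hash" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">0123456789abcdef0123456789abcdef</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="proc">
        <IndicatorItem id="name" condition="is">
          <Context document="ProcessItem" search="ProcessItem/name" type="mir"/>
          <Content type="string">svchost.exe</Content>
        </IndicatorItem>
        <IndicatorItem id="path" condition="contains">
          <Context document="ProcessItem" search="ProcessItem/path" type="mir"/>
          <Content type="string">\\Temp\\</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

# Constructed host snapshot: one record per observed object (process or file).
HOST_RECORDS = [
    {"ProcessItem/name": "svchost.exe",
     "ProcessItem/path": "C:\\Windows\\System32\\svchost.exe"},          # legitimate
    {"ProcessItem/name": "explorer.exe",
     "ProcessItem/path": "C:\\Users\\a\\AppData\\Local\\Temp\\explorer.exe"},
    {"ProcessItem/name": "svchost.exe",
     "ProcessItem/path": "C:\\Users\\a\\AppData\\Local\\Temp\\svchost.exe"},  # should match
    {"FileItem/Md5sum": "ffffffffffffffffffffffffffffffff"},
]


def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def item_matches(item, record):
    """True if one IndicatorItem holds for one host record (case-insensitive, as MIR does)."""
    ctx = item.find("ioc:Context", NS)
    expected = (item.find("ioc:Content", NS).text or "")
    observed = record.get(ctx.get("search"))
    if observed is None:
        return False
    observed = str(observed)
    cond = item.get("condition", "is")
    if cond == "is":
        return observed.lower() == expected.lower()
    if cond == "contains":
        return expected.lower() in observed.lower()
    if cond == "matches":
        return re.search(expected, observed, re.IGNORECASE) is not None
    raise ValueError("unsupported condition %r" % cond)


def evaluate(node, records):
    """Return the set of record indices that satisfy this Indicator/IndicatorItem."""
    tag = _local(node.tag)
    if tag == "IndicatorItem":
        return {i for i, rec in enumerate(records) if item_matches(node, rec)}
    if tag != "Indicator":
        raise ValueError("unexpected element %r" % tag)
    children = [c for c in node if _local(c.tag) in ("Indicator", "IndicatorItem")]
    results = [evaluate(c, records) for c in children]
    op = node.get("operator", "OR").upper()
    if op == "OR":
        return set().union(*results)
    if op == "AND":
        if not results:
            return set()
        documents = {ctx.get("document") for ctx in node.iter(CTX_TAG)}
        if len(documents) == 1:
            # Single document type: every term must hold on the same object.
            return set.intersection(*results)
        # Mixed document types: each branch must match somewhere on the host.
        return set().union(*results) if all(results) else set()
    raise ValueError("unsupported operator %r" % op)


def match_ioc(ioc_xml, records):
    """Parse an OpenIOC 1.0 document and return (ioc id, sorted matching record indices)."""
    root = ET.fromstring(ioc_xml)
    top = root.find("ioc:definition", NS).find("ioc:Indicator", NS)
    return root.get("id"), sorted(evaluate(top, records))


if __name__ == "__main__":
    print(match_ioc(SAMPLE_IOC, HOST_RECORDS))
```

Against the constructed snapshot only the third record (an `svchost.exe` running from `\Temp\`) matches; the first two records each satisfy one of the two AND terms but not both on the same object, so they are correctly ignored. The same evaluator can be pointed at any OpenIOC 1.0 file from the repository once host data is flattened into the `search`-term keys the rule uses.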
Alternatives and similar repositories for APT-OpenIOC-Detection-Rules:
- CLI generator for Velociraptor offline collector (☆15, Oct 10, 2025)
- Hunt the Windows Registry automatically using VQL (☆13, Jan 6, 2026)
- Thor Artifacts for Velociraptor (☆19, Dec 2, 2025)
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example (☆36, Jul 11, 2023)
- Threat feeds, threat lists, and regular lists of known IP ranges and domains; updated every 4 hours (☆16, May 21, 2021)
- Threat detection system using a hybrid (machine learning + lexical analysis) approach (☆11, May 30, 2017)
- SIEM Cheat Sheet (☆80, Aug 15, 2023)
- PowerShell memory pulling script (☆19, Mar 24, 2015)
- Legacy Sigma tools (sigmac etc.) (☆15, May 7, 2023)
- Git repo for the author's forensics material (☆23, Sep 2, 2025)
- YARA detection rules for hunting with the threathunting-keywords project (☆157, May 11, 2025)
- Threat modeling (STRIDE-based) for Kubernetes systems (☆25, Oct 14, 2024)
- Look into EDR events from the network (☆25, Nov 20, 2025)
- Sigma detection rules for hunting with the threathunting-keywords project (☆58, Mar 2, 2025)
- A collection of tools, scripts and personal research (☆155, Feb 2, 2026)
- Splunk TA for sending completion requests to ChatGPT (☆26, May 18, 2024)
- Windows version of honeybits: a PoC tool to create breadcrumbs and honeytokens that lead attackers to your honeypots (☆25, Jun 19, 2017)
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career (☆107, Nov 23, 2022)
- My Malware Analysis Reports (☆25, May 24, 2022)
- Event Logging is an XML Schema for describing the auditable events generated by computer systems, hardware devices and access control sys… (☆25, Apr 24, 2025)
- Red team tool for exfiltrating files from a target's Google Drive that you have access to, via Google's API (☆59, Sep 2, 2021)
- A collection of companies that disclose adversary TTPs after they have been breached (☆289, Nov 11, 2025)
- Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports (☆79, Jan 26, 2026)
- The Enhanced MITRE ATT&CK® Coverage Tracker is an Excel tool for SOCs to measure and improve detection coverage of cyber threats. It simp… (☆34, Nov 13, 2025)
- TTPMapper is an AI-driven threat intelligence parser that converts unstructured reports, whether from web URLs or PDF files, into structure… (☆49, Jun 21, 2025)
- Hunting Malicious Macros: SANS Threat Hunting Summit 2021 materials (☆39, Oct 9, 2021)
- Threat hunting repo for my independent study on threat hunting with osquery (☆27, Jan 16, 2018)
- A repository to share publicly available Velociraptor detection content (☆196, updated this week)
- A Microsoft Windows service providing telemetry on executable memory page changes to facilitate threat detection (☆32, Oct 7, 2020)
- Repository of SentinelOne Deep Visibility queries (☆135, Jun 30, 2021)
- 🛡️ SIGMA Detection Engineering Platform: a comprehensive AI-powered detection engineering platform for security teams to explore MITRE AT… (☆46, Jun 28, 2025)
- One Day of Python for SaintCon 2022 (☆11, Jan 3, 2023)
- Digital Forensics Artifacts Knowledge Base (☆89, Dec 23, 2025)
- Labs for threat modelling training delivered by ControlPlane (☆35, Apr 24, 2024)