dfir-ronin / APT-OpenIOC-Detection-Rules

Related projects ⓘ

Alternatives and complementary repositories for APT-OpenIOC-Detection-Rules

• svch0stz / TheThreatHuntLibrary
  Library of threat hunts to get any user started!
  ☆40Updated 4 years ago
• fkie-cad / amides
  An Adaptive Misuse Detection System
  ☆29Updated 2 weeks ago
• joeavanzato / crackdown
  Helping Incident Responders hunt for potential persistence mechanisms on UNIX-based systems.
  ☆15Updated last year
• mthcht / ThreatHunting-Keywords-yara-rules
  yara detection rules for hunting with the threathunting-keywords project
  ☆87Updated this week
• cybergoatpsyops / detections
  Placeholder for my detection repo and misc detection engineering content
  ☆43Updated last year
• NVISOsecurity / nviso-cti
  ☆41Updated 7 months ago
• stuxnet999 / volatility-binaries
  Contains compiled binaries of Volatility
  ☆29Updated last month
• mthcht / ThreatHunting-Keywords-sigma-rules
  Sigma detection rules for hunting with the threathunting-keywords project
  ☆47Updated 2 weeks ago
• bittib010 / AjourVolAutolity
  A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.
  ☆15Updated 3 weeks ago
• mdecrevoisier / Windows-authentication-brutforce-cheatsheet
  Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.
  ☆18Updated last year
• brokensound77 / LoFP
  Living off the False Positive!
  ☆29Updated 2 months ago
• eSentire / iocs
  ☆15Updated 2 weeks ago
• Cluster25 / detection
  Threat Detection Rules (Snort/Sigma/Yara)
  ☆13Updated 9 months ago
• tropChaud / Categorized-Adversary-TTPs
  Merge of two major cyber adversary datasets, MITRE ATT&CK and ETDA/ThaiCERT Threat Actor Cards, enabling victim/motivation-adversary-tech…
  ☆50Updated 2 years ago
• Neo23x0 / YARA-Style-Guide
  A specification and style guide for YARA rules
  ☆37Updated 9 months ago
• jstrosch / subparse
  Modular malware analysis artifact collection and correlation framework
  ☆52Updated 6 months ago
• delivr-to / detections
  A home for detection content developed by the delivr.to team
  ☆59Updated last week
• Sam0x90 / CB-Threat-Hunting
  CarbonBlack EDR detection rules and response actions
  ☆71Updated 2 months ago
• CD-R0M / YARA
  Hundred Days of Yara Challenge
  ☆12Updated 2 years ago
• g-les / 100DaysofYARA
  100 Days of YARA to be updated with rules & ideas as the year progresses
  ☆56Updated last year
• secnnet / CrowdStrike-Falcon-Search-Queries
  ☆17Updated last year
• CIRCL / factual-rules-generator
  Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
  ☆76Updated 2 years ago
• hpthreatresearch / iocs
  Indicators of Compromise (IOCs) accompanying HP Threat Research blog posts and reports.
  ☆29Updated 7 months ago
• center-for-threat-informed-defense / attack-powered-suit
  ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte…
  ☆72Updated 2 weeks ago
• ThreatLabz / iocs
  This repository is for Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports
  ☆65Updated this week
• invoke-eric / jupyter
  Jupyter Notebooks for Cyber Threat Intelligence
  ☆35Updated last year
• BushidoUK / Abused-Legitimate-Services
  Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups
  ☆57Updated 2 years ago
• center-for-threat-informed-defense / summiting-the-pyramid
  Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…
  ☆27Updated last month
• west-wind / Threat-Hunting-With-Splunk
  Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
  ☆57Updated 6 months ago
• zolderio / misp-to-sentinel
  Azure function to insert MISP data in to Azure Sentinel
  ☆30Updated 2 years ago