Theat hunting notes in flat file format and mapped to MITRE's ATT&CK IDs
☆43Oct 21, 2018Updated 7 years ago
Alternatives and similar repositories for threat_hunting_tables
Users that are interested in threat_hunting_tables are comparing it to the libraries listed below
Sorting:
- this application shows EAC sdk's memory leak.☆10Nov 30, 2021Updated 4 years ago
- ☆13Sep 22, 2022Updated 3 years ago
- ☆10Dec 19, 2017Updated 8 years ago
- ☆13Feb 6, 2018Updated 8 years ago
- Threat Detection System using Hybrid (Machine Learning + Lexical Analysis) learning Approach.☆11May 30, 2017Updated 8 years ago
- Use DNS to hunt for threats including DGAs☆15Jan 4, 2016Updated 10 years ago
- C# Situational Awareness Script☆34Apr 26, 2019Updated 6 years ago
- Compilation of resources to help with Adversary Simulation automation harness☆100Aug 7, 2020Updated 5 years ago
- ☆42Apr 22, 2021Updated 4 years ago
- Dump LSASS process in Task Manager without triggering Defender.☆18Apr 6, 2023Updated 2 years ago
- ☆14Jun 26, 2020Updated 5 years ago
- LogRM is a post exploitation powershell script which it uses windows event logs to gather information about internal network☆74Jul 9, 2019Updated 6 years ago
- Simple web frontend to an elasticsearch database made for local files indexing☆19Oct 25, 2019Updated 6 years ago
- A CALDERA plugin☆81Feb 17, 2026Updated 2 weeks ago
- A repository that maps API calls to Sysmon Event ID's.☆121Nov 14, 2022Updated 3 years ago
- Understanding ATT&CK Matrix for Enterprise☆79May 16, 2018Updated 7 years ago
- Standalone Go implementation of Metasploit's "db_nmap" and "db_import" commands.☆19Nov 6, 2024Updated last year
- Squirtle the Browser-based NTLM Attack Toolkit☆17Apr 13, 2015Updated 10 years ago
- ☆22Jun 9, 2025Updated 9 months ago
- Quick scan to find live hosts on the network/across networks☆48Jul 4, 2014Updated 11 years ago
- A simple example application to collect DNS queries logs using etw-api☆27May 11, 2020Updated 5 years ago
- Advanced Persistent Threat Detection Using Network Analysis☆23Feb 28, 2019Updated 7 years ago
- Expert Investigation Guides☆51Mar 18, 2021Updated 4 years ago
- Threat Detection & Anomaly Detection rules for popular open-source components☆53Jul 27, 2022Updated 3 years ago
- A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework☆356Nov 3, 2020Updated 5 years ago
- ☆49Jan 13, 2020Updated 6 years ago
- A curated list of resources to deep dive into the intersection of applied machine learning and threat detection.☆19Sep 23, 2020Updated 5 years ago
- Official Black Hat Arsenal Security Tools Repository☆21Jul 31, 2017Updated 8 years ago
- Helper script for mangling CS payloads☆51May 5, 2019Updated 6 years ago
- Docker Container to deploy Mitre Caldera Automated Adversary Emulation System☆26Sep 26, 2020Updated 5 years ago
- Mirror network traffic from one interface to another on Windows☆25Feb 26, 2020Updated 6 years ago
- Reference sheet for Threat Hunting Professional Course☆26Mar 10, 2019Updated 7 years ago
- Event Logging is an XML Schema for describing the auditable events generated by computer systems, hardware devices and access control sys…☆25Apr 24, 2025Updated 10 months ago
- Providing timelines based on OSINT Reports☆31Jun 21, 2023Updated 2 years ago
- GCP and GSUITE security auditing scripts☆27Apr 29, 2024Updated last year
- Presentation Slides☆26Jun 7, 2019Updated 6 years ago
- .net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems☆36Dec 9, 2019Updated 6 years ago
- Crack your macros like the math pros.☆33Feb 14, 2017Updated 9 years ago
- This repository contains OpenIOC rules to aid in hunting for indicators of compromise and TTPs focused on Advanced Persistent Threat grou…☆26Oct 3, 2023Updated 2 years ago