Alternatives and similar repositories for tehsat

Users that are interested in tehsat are comparing it to the libraries listed below

• Th1ru-M / Windows-Threat-Hunting
  Hunt for Keywords , Mutex, Windows Event,Registry Keys,Process,Schedule tasks in Windows Machine
  ☆22Updated 10 months ago
• IceMoonHSV / Sim
  C# User Simulation
  ☆33Updated 3 years ago
• stairwell-inc / cobalt-strike-stager-parser
  ☆36Updated 2 years ago
• CIRCL / factual-rules-generator
  Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
  ☆76Updated 3 years ago
• k3idii / CobaltStrike-Tools
  Tools for playing w/ CobaltStrike config - extractin, detection, processing, etc...
  ☆29Updated 2 years ago
• lawiet47 / autoresponder
  Carbon Black Response IR tool
  ☆54Updated 4 years ago
• myrtus0x0 / SMAT
  Standardized Malware Analysis Tool
  ☆55Updated 4 years ago
• BinaryDefense / IcedDecrypt
  IcedID Decryption Tool
  ☆28Updated 4 years ago
• jonny-jhnson / Detecting-Process-Injection-Techniques
  This is a repository that is meant to hold detections for various process injection techniques.
  ☆34Updated 5 years ago
• SIFalcon / Detection
  ☆22Updated 2 years ago
• ppt0 / easyhunting
  Get intelligence info (tags, mitre techniques, yara and more) and find similar malware in a fast and easy way
  ☆19Updated 3 years ago
• shabarkin / pointer
  Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.
  ☆68Updated 3 years ago
• 3c7 / bazaar
  Python based CLI for MalwareBazaar
  ☆38Updated 2 months ago
• r00tten / VTI-Cosplay
  Low budget VirusTotal Intelligence Cosplay
  ☆20Updated 3 years ago
• Manticore-Platform / manticore-cli
  Manticore Adversary Emulation Cli
  ☆48Updated 5 years ago
• robindimyan / apthowto
  Liberating dem proprietary APT implants
  ☆20Updated 5 years ago
• brokensound77 / toruk
  Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data
  ☆13Updated 6 years ago
• nettitude / PoshC2_IOCs
  A list of IOCs applicable to PoshC2
  ☆24Updated 5 years ago
• DissectMalware / MDIExtractor
  ☆15Updated 3 years ago
• mandiant / apooxml
  Generate YARA rules for OOXML documents.
  ☆38Updated 2 years ago
• mandiant / goauditparser
  ☆46Updated 2 years ago
• c3rb3ru5d3d53c / mwdb-feeds
  A Modular MWDB Utility to Collect Fresh Malware Samples
  ☆34Updated 4 years ago
• Hestat / calamity
  A script to assist in processing forensic RAM captures for malware triage
  ☆27Updated 4 years ago
• BinaryDefense / beacon-fronting
  A simple command line program to help defender test their detections for network beacon patterns and domain fronting
  ☆70Updated 3 years ago
• jeFF0Falltrades / IoCs
  A collection of Indicators of Compromise (IoCs), most aligning with samples derived from the signatures in the YARA-Signatures repo
  ☆30Updated 5 years ago
• keydet89 / LNK
  Repository for LNK stuff
  ☆31Updated 3 years ago
• lemmou / RansomNoteFiles
  ☆24Updated last year
• tsale / BlueSploit
  BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review.
  ☆32Updated 5 years ago
• y3n11 / Captain
  Userland API monitor for threat hunting
  ☆58Updated 5 years ago
• mitre-attack / joystick
  Joystick is a tool that gives you the ability to transform the ATT&CK Evaluations data into concise views that brings forward the nuances…
  ☆64Updated 2 years ago