huntresslabs / threat-intel
This repository contains supplemental items including IOCs, and signatures discussed in Huntress blogposts, and other media.
☆28Updated this week
Related projects ⓘ
Alternatives and complementary repositories for threat-intel
- ESXi Cyber Security Incident Response Script☆20Updated 2 months ago
- Remote access and Antivirus Logging Database☆41Updated 6 months ago
- Sigma detection rules for hunting with the threathunting-keywords project☆47Updated last week
- Azure function to insert MISP data in to Azure Sentinel☆30Updated 2 years ago
- ASR Configurator, Essentials and Atomic Testing☆35Updated last week
- USN Journal full path builder☆36Updated last month
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆68Updated 11 months ago
- General Content☆20Updated 3 months ago
- Living off the False Positive!☆29Updated 2 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆75Updated 2 weeks ago
- Slides of my public talks☆46Updated 10 months ago
- Baseline a Windows System against LOLBAS☆24Updated 6 months ago
- The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆22Updated 2 months ago
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them☆25Updated 3 weeks ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆99Updated 3 months ago
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office☆34Updated last year
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners☆44Updated last week
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated 7 months ago
- A repository for tracking events related to the MOVEit Transfer Cl0p Campaign☆66Updated last year
- ShellSweeping the evil.☆52Updated 4 months ago
- my MSTICpy practice and custom tools repository☆11Updated this week
- SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w…☆49Updated 5 months ago
- A pySigma wrapper and langchain toolkit for automatic rule creation/translation☆66Updated this week
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆78Updated 3 months ago
- ☆43Updated 3 weeks ago
- This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam☆24Updated 4 months ago
- Providing Azure pipelines to create an infrastructure and run Atomic tests.☆50Updated last year
- pySigma Splunk backend☆34Updated 7 months ago
- ☆48Updated last year
- Detection rule validation☆41Updated last year