ine-labs / ThreatSeeker
ThreatSeeker: Threat Hunting via Windows Event Logs
β118Updated last year
Alternatives and similar repositories for ThreatSeeker:
Users that are interested in ThreatSeeker are comparing it to the libraries listed below
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.β151Updated 9 months ago
- π§° ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.β68Updated last month
- Purpleteam scripts simulation & Detection - trigger events for SOC detectionsβ177Updated 2 months ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders undβ¦β118Updated 10 months ago
- PowerShell tools to help defenders hunt smarter, hunt harder.β226Updated last month
- β158Updated last year
- β74Updated last week
- A collection of CVEs weaponized by ransomware operatorsβ104Updated last month
- Completely Risky Active-Directory Simulation Hubβ99Updated last year
- PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.β98Updated 5 months ago
- Windows Malware Investigation Scripts & Docsβ74Updated 3 months ago
- A collection of various SIEM rules relating to malware family groups.β65Updated 8 months ago
- β165Updated 11 months ago
- Advanced Bash script designed for conducting digital forensics on Linux systemsβ138Updated 10 months ago
- IOC Stream and Command and Control Database Containing Command and Control (C2) Servers Detected Daily by ThreatMon.β61Updated last year
- CarbonBlack EDR detection rules and response actionsβ71Updated 5 months ago
- A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilitiesβ193Updated last month
- Regular Expressions List used in Digital Forensic Tasksβ82Updated last year
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eveβ¦β116Updated this week
- β155Updated last year
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.β191Updated last month
- CLI tools for forensic investigation of Windows artifactsβ324Updated 3 months ago
- Powershell tools used for Red Team / Pentesting.β74Updated last year
- An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed.β182Updated 7 months ago
- β173Updated 2 months ago
- Advanced Email Threat Hunting w/ Detection as Codeβ49Updated 2 weeks ago
- Sentinel Logic Apps/Playbooks to automate enrichment, incident analysis and more.β86Updated last month
- VirtualGHOST Detection Toolβ89Updated 9 months ago
- This repository contains a comprehensive testing designed for evaluating the performance and resilience of Endpoint Detection and Responsβ¦β51Updated 4 months ago
- MISP Playbooksβ184Updated last week