Alternatives and similar repositories for EDRevals:

Users that are interested in EDRevals are comparing it to the libraries listed below

• tevora-threat / atomic_red_team_gui
  Windows GUI/Execution Engine for Atomic Red Team Atomics
  ☆34Updated 4 years ago
• Th1ru-M / Windows-Threat-Hunting
  Hunt for Keywords , Mutex, Windows Event,Registry Keys,Process,Schedule tasks in Windows Machine
  ☆22Updated 3 months ago
• fatihsirin / Tweettioc-Splunk-App
  Tweettioc Splunk App
  ☆20Updated 4 years ago
• mitre-attack / attack-evals
  ATT&CK Evaluations website (DEPRECATED)
  ☆59Updated 3 years ago
• OTRF / bloodhound-notebooks
  Notebooks created to attack and secure Active Directory environments
  ☆27Updated 5 years ago
• mitre-attack / evals_caldera
  A CALDERA plugin for ATT&CK Evaluations Round 1
  ☆33Updated last year
• hxnoyd / ossem-power-up
  A tool to assess data quality, built on top of the awesome OSSEM.
  ☆76Updated 2 years ago
• lawiet47 / autoresponder
  Carbon Black Response IR tool
  ☆53Updated 4 years ago
• f8al / TA-Shell
  Splunk scripted input for opening a backconnect shell on a remote forwarder
  ☆45Updated 4 years ago
• cabve / CbR
  Queries for Carbon Black Response
  ☆11Updated 5 years ago
• FixTheExchange / Invoke-ExchangeWebShellHunter
  PowerShell script for hunting webshells on Microsoft Exchange Servers.
  ☆55Updated 8 years ago
• rabobank-cdc / Blue-ATTACK
  The new name is DeTT&CT
  ☆24Updated 5 years ago
• OTRF / bloodhound-notebook
  BloodHound Cypher Queries Ported to a Jupyter Notebook
  ☆53Updated 4 years ago
• olafhartong / detection-sources
  ☆53Updated 6 years ago
• SadProcessor / WatchDog
  BloodHound Data Scanner
  ☆44Updated 4 years ago
• fullmetalcache / SharpFiles
  ☆55Updated 4 years ago
• carbonblack / active_c2_ioc_public
  Active C2 IoCs
  ☆97Updated 2 years ago
• 3CORESec / Automata
  Automatic detection engineering technical state compliance
  ☆54Updated 8 months ago
• jsecurity101 / Detecting-Process-Injection-Techniques
  This is a repository that is meant to hold detections for various process injection techniques.
  ☆34Updated 5 years ago
• refractionPOINT / limacharlie
  Old home of LimaCharlie, open source EDR
  ☆30Updated last year
• vysecurity / CobaltSplunk
  Splunk Dashboard for CobaltStrike logs
  ☆86Updated 3 years ago
• slyd0g / TimeStomper
  PoC that manipulates Windows file times using SetFileTime() API
  ☆58Updated 5 years ago
• DfirJos / CnC-detection
  Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation
  ☆16Updated 6 years ago
• CIRCL / factual-rules-generator
  Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
  ☆76Updated 3 years ago
• vysecurity / ATT-CK_Analysis
  Repository for my ATT&CK analysis research.
  ☆68Updated 5 years ago
• mlgualtieri / PurpleTeamSummit
  ☆26Updated 3 years ago
• olafhartong / sysmon-modular-linux
  A repository of Sysmon For Linux configuration modules
  ☆15Updated 3 years ago
• intelforge / tmc
  Threat Mapping Catalogue
  ☆17Updated 3 years ago
• StefanKelm / yara-rules
  Links to malware-related YARA rules
  ☆14Updated 2 years ago
• 3xpl01tc0d3r / Building-ActiveDirectory-Lab
  Building ActiveDirectory Lab for practicing various attack vectors used during Red Team engagement.
  ☆36Updated 5 years ago