kunai-project / kunai
Threat-hunting tool for Linux
☆356 · updated this week
Related projects:
- This is a collection of threat detection rules / rules engines that I have come across. ☆270 · updated 4 months ago
- A centralized and enhanced memory analysis platform ☆355 · updated 2 weeks ago
- CLI tools for forensic investigation of Windows artifacts ☆296 · updated last month
- Deep Linux runtime visibility meets Wireshark ☆182 · updated last week
- Automated YARA Rule Standardization and Quality Assurance Tool ☆154 · updated this week
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis… ☆145 · updated last week
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par… ☆248 · updated 11 months ago
- LOKI2 - Simple IOC and YARA Scanner ☆77 · updated last month
- This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools. ☆121 · updated last year
- Python library to parse and convert Sigma rules into queries (and whatever else you could imagine) ☆382 · updated this week
- A collection of companies that disclose adversary TTPs after they have been breached ☆236 · updated 4 months ago
- Rapidly Search and Hunt through Linux Forensics Artifacts ☆174 · updated 8 months ago
- How to setup a honeypot with an IDS, ELK and TLS traffic inspection ☆150 · updated 2 years ago
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … ☆246 · updated 7 months ago
- MISP Playbooks ☆167 · updated last month
- MITRE Caldera™ for OT Plugins & Capabilities ☆185 · updated 8 months ago
- A practical toolkit for cybersecurity and IT professionals. It features a detailed Linux cheatsheet for incident response ☆356 · updated 8 months ago
- Red Canary's eBPF Sensor ☆97 · updated 2 months ago
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆436 · updated 2 weeks ago
- Signatures and IoCs from public Volexity blog posts. ☆307 · updated last month
- The Sigma command line interface based on pySigma ☆130 · updated last month
- A standard for reducing log volume without sacrificing analytical capability ☆182 · updated last year
- A rewrite of YARA in Rust. ☆622 · updated this week
- Advanced Bash script designed for conducting digital forensics on Linux systems ☆130 · updated 5 months ago
- A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing. Gain visibility and contr… ☆160 · updated 3 weeks ago
- This repo contains IOC, malware and malware analysis associated with Public cloud ☆241 · updated this week
- An ADCS honeypot to catch attackers in your internal network. ☆182 · updated 2 months ago
- A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com… ☆159 · updated 5 months ago
- Rules generated from our investigations. ☆186 · updated last month
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA. ☆238 · updated last year