Alternatives and similar repositories for ThreatHunt

Users that are interested in ThreatHunt are comparing it to the libraries listed below

• dwmetz / PSHero

  View on GitHub
  PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
  ☆36Jul 11, 2023Updated 2 years ago
• randomuserid / Adama

  View on GitHub
  Searches For Threat Hunting and Security Analytics
  ☆238Mar 26, 2025Updated 10 months ago
• rkovar / sunburstlookups

  View on GitHub
  Quick lookup files for SUNBURST Backdoor
  ☆12Dec 15, 2020Updated 5 years ago
• olafhartong / ThreatHunting

  View on GitHub
  A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
  ☆1,173Jul 26, 2023Updated 2 years ago
• vysecurity / ATT-CK_Analysis

  View on GitHub
  Repository for my ATT&CK analysis research.
  ☆71May 16, 2019Updated 6 years ago
• edoardogerosa / sentinel-attack

  View on GitHub
  Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
  ☆1,077Nov 28, 2024Updated last year
• n0dec / MalwLess

  View on GitHub
  Test Blue Team detections without running any attack.
  ☆272May 2, 2024Updated last year
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,507Jan 24, 2023Updated 3 years ago
• Securityinbits / cheatsheet

  View on GitHub
  These are some of the commands which I use frequently during Malware Analysis and DFIR.
  ☆24Jan 8, 2024Updated 2 years ago
• shr3ddersec / ThreatHunting

  View on GitHub
  Reference sheet for Threat Hunting Professional Course
  ☆26Mar 10, 2019Updated 6 years ago
• jreegun / Researches

  View on GitHub
  Contains poc's and my research works
  ☆31Feb 13, 2023Updated 3 years ago
• cyberdefenders / DetectionLabELK

  View on GitHub
  DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
  ☆573Dec 12, 2021Updated 4 years ago
• OTRF / SimuLand

  View on GitHub
  Cloud Templates and scripts to deploy mordor environments
  ☆129Mar 3, 2021Updated 4 years ago
• PolitoInc / ELK-Hunting

  View on GitHub
  Threat Hunting with ELK Workshop (InfoSecWorld 2017)
  ☆65Oct 31, 2017Updated 8 years ago
• ION28 / BLUESPAWN

  View on GitHub
  An Active Defense and EDR software to empower Blue Teams
  ☆1,315Aug 10, 2023Updated 2 years ago
• dfirtrack / dfirtrack

  View on GitHub
  DFIRTrack - The Incident Response Tracking Application
  ☆532Jan 13, 2026Updated last month
• praetorian-inc / purple-team-attack-automation

  View on GitHub
  Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
  ☆728Jan 21, 2020Updated 6 years ago
• vysecurity / VBA-RunPE

  View on GitHub
  A VBA implementation of the RunPE technique or how to bypass application whitelisting.
  ☆14Dec 30, 2018Updated 7 years ago
• inodee / threathunting-spl

  View on GitHub
  Splunk code (SPL) for serious threat hunters and detection engineers.
  ☆289Jan 15, 2024Updated 2 years ago
• activecm / threat-hunting-labs

  View on GitHub
  Collection of walkthroughs on various threat hunting techniques
  ☆76Aug 3, 2020Updated 5 years ago
• redhuntlabs / RedHunt-OS

  View on GitHub
  Virtual Machine for Adversary Emulation and Threat Hunting
  ☆1,313Jan 22, 2025Updated last year
• securycore / ThreatHunting

  View on GitHub
  Powershell collection designed to assist in Threat Hunting Windows systems.
  ☆27Apr 13, 2018Updated 7 years ago
• pe3zx / mthc

  View on GitHub
  All-in-one bundle of MISP, TheHive and Cortex
  ☆169Sep 27, 2022Updated 3 years ago
• benpturner / Invoke-DCOM

  View on GitHub
  C# DCOM Execution
  ☆18Aug 4, 2019Updated 6 years ago
• MalwareArchaeology / ARTHIR

  View on GitHub
  ATT&CK Remote Threat Hunting Incident Response
  ☆206Dec 8, 2024Updated last year
• mitchmoser / SharPermission

  View on GitHub
  C# .NET Assembly for interacting with File Object DACLs
  ☆46Apr 3, 2020Updated 5 years ago
• A3sal0n / CyberThreatHunting

  View on GitHub
  A collection of resources for Threat Hunters
  ☆914Oct 15, 2024Updated last year
• 0xFA-Team / CVE-2019-0604

  View on GitHub
  cve-2019-0604 SharePoint RCE exploit
  ☆40Jun 26, 2019Updated 6 years ago
• mhaskar / CVE-2019-20224

  View on GitHub
  The offical exploit for Pandora v7.0NG Post-auth Remote Code Execution CVE-2019-20224
  ☆14Jan 10, 2020Updated 6 years ago
• b3b0 / snipehunt

  View on GitHub
  🦉🔬A small PowerShell tool for finding information quickly on malicious IPs or FQDNs. Powershell threat hunting.
  ☆11Jan 9, 2020Updated 6 years ago
• tarantula-team / CVE-2019-12949

  View on GitHub
  CVE-2019-12949
  ☆26Jun 28, 2019Updated 6 years ago
• NaxAlpha / shellcode-loader

  View on GitHub
  Shellcode Loader Engine for Windows
  ☆27Jan 29, 2017Updated 9 years ago
• jorritfolmer / EDRevals

  View on GitHub
  Splunk app to compare Endpoint Detection and Response solutions based on MITRE ATT&CK evaluations (APT3, APT29, Carbanak + FIN7, Wizard S…
  ☆19Sep 5, 2022Updated 3 years ago
• ashwin-patil / threat-hunting-with-notebooks

  View on GitHub
  Repository with Sample threat hunting notebooks on Security Event Log Data Sources
  ☆69Dec 2, 2022Updated 3 years ago
• HoangKien1020 / CVE-2020-11890

  View on GitHub
  CVE-2020-11890: Improper input validations in the usergroup table class could lead to a broken ACL configuration to RCE
  ☆62Jun 1, 2023Updated 2 years ago
• yavuzatlas / Vulmap-Windows

  View on GitHub
  Host-based local vulnerability scanner. Finds installed software on the host, asks their vulnerabilities to vulmon.com API and print vuln…
  ☆33Aug 1, 2021Updated 4 years ago
• fnmsd / zimbra_poc

  View on GitHub
  Zimbra XXE+SSRF+UPLOAD Poc
  ☆59Jun 25, 2019Updated 6 years ago
• TestingPens / MalwarePersistenceScripts

  View on GitHub
  A collection of scripts I've written to help red and blue teams with malware persistence techniques.
  ☆127May 30, 2018Updated 7 years ago
• infosecn1nja / awesome-mitre-attack

  View on GitHub
  A curated list of awesome resources related to Mitre ATT&CK™ Framework
  ☆613Sep 14, 2019Updated 6 years ago