mthcht/ThreatIntel-Reports

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mthcht/ThreatIntel-Reports)

mthcht / ThreatIntel-Reports

Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports

☆153Updated this week

Alternatives and similar repositories for ThreatIntel-Reports

Users that are interested in ThreatIntel-Reports are comparing it to the libraries listed below

Sorting:

mthcht / ThreatHunting-Keywords
View on GitHub
Awesome list of keywords and artifacts for Threat Hunting sessions
☆638Aug 4, 2025Updated 6 months ago
mthcht / Purpleteam
View on GitHub
Purpleteam scripts simulation & Detection - trigger events for SOC detections
☆192Dec 20, 2024Updated last year
lolc2 / lolc2.github.io
View on GitHub
lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection
☆256Jan 29, 2026Updated last month
dobin / RedEdr
View on GitHub
Collect Windows telemetry for Maldev
☆460Jan 30, 2026Updated last month
mthcht / ThreatHunting-Keywords-yara-rules
View on GitHub
yara detection rules for hunting with the threathunting-keywords project
☆157May 11, 2025Updated 9 months ago
fastlorenzo / redelk-kibana-app
View on GitHub
Kibana app for RedELK
☆18Mar 19, 2023Updated 2 years ago
mthcht / awesome-lists
View on GitHub
Awesome Security lists for SOC/CERT/CTI
☆1,257Updated this week
mthcht / ThreatHunting-Keywords-sigma-rules
View on GitHub
Sigma detection rules for hunting with the threathunting-keywords project
☆58Mar 2, 2025Updated 11 months ago
Sam0x90 / CTI
View on GitHub
Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on
☆83Apr 27, 2024Updated last year
SecurityAura / DE-TH-Aura
View on GitHub
Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…
☆277Dec 20, 2025Updated 2 months ago
kozmer / rspy
View on GitHub
rust port of pspy with support for process monitoring over dbus
☆35Jan 4, 2026Updated last month
Mayyhem / Maestro
View on GitHub
Abusing Azure services over C2
☆368Jan 20, 2026Updated last month
inzlain / sameuser
View on GitHub
Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual
☆14Jul 13, 2022Updated 3 years ago
affix / rusty-hollow
View on GitHub
Unix Process hollowing in rust
☆22Dec 16, 2024Updated last year
BushidoUK / Ransomware-Tool-Matrix
View on GitHub
A resource containing all the tools each ransomware gangs uses
☆1,330Dec 24, 2025Updated 2 months ago
naksyn / DojoLoader
View on GitHub
Generic PE loader for fast prototyping evasion techniques
☆244Jul 2, 2024Updated last year
joaoviictorti / coffeeldr
View on GitHub
A COFF Loader written in Rust
☆136Dec 1, 2025Updated 2 months ago
jsecu / ModTask
View on GitHub
☆53Sep 23, 2025Updated 5 months ago
djackreuter / rustlualoader
View on GitHub
Shellcode loader that executes embedded Lua from Rust.
☆127Dec 16, 2024Updated last year
blackarrowsec / Handly
View on GitHub
Abuse leaked token handles.
☆136Dec 14, 2023Updated 2 years ago
CompassSecurity / conkeyscan
View on GitHub
A Pentesters Confluence Keyword Scanner
☆17Dec 3, 2024Updated last year
spaceraccoon / serverless-recon-example
View on GitHub
Example of a serverless web reconaissance workflow's AWS architecture.
☆11Feb 25, 2023Updated 3 years ago
ACE-Responder / rpcfirewall-extended-telemetry
View on GitHub
☆15May 3, 2024Updated last year
McL0vinn / Windows-Forensic-Examination-and-Threat-Hunting
View on GitHub
Various commands, tools, techniques that you can use to examine live Windows systems for signs of Compromise or for Threat Hunting.Can al…
☆14Aug 15, 2022Updated 3 years ago
nbuzydeb / sincon24_modern_redteam
View on GitHub
This is the Git repository for the Modern Red Teaming workshop given at SINCON2024.
☆12May 23, 2024Updated last year
iamagarre / BadExclusionsNWBO
View on GitHub
BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
☆75Feb 9, 2024Updated 2 years ago
safedv / GPOAnalyzer
View on GitHub
GPOAnalyzer is a tool designed to assist in parsing domain Group Policy Object (GPO) files located in the SYSVOL directory.
☆28Jun 14, 2024Updated last year
vysecurity / OffensiveLAM
View on GitHub
A Large Action Model designed to operate on MacOS or Windows which interacts with common C2 interfaces such as Cobalt Strike, Havoc, or B…
☆26Feb 29, 2024Updated 2 years ago
MythicAgents / nemesis
View on GitHub
Nemesis agent for Mythic
☆28Dec 11, 2025Updated 2 months ago
eversinc33 / UnXorStringsNet
View on GitHub
Deobfuscation of XorStringsNet
☆14Nov 5, 2024Updated last year
Invoke-RE / community-malware-research
View on GitHub
A repository to store community malware research notes and findings.
☆15Feb 13, 2026Updated 2 weeks ago
sagiol / Terms-of-What
View on GitHub
Terms of Use Conditional Access M365 Evilginx Phishlet
☆44Jun 23, 2025Updated 8 months ago
outflanknl / RedELK-workshop
View on GitHub
Items related to the RedELK workshop given at security conferences
☆29Sep 28, 2023Updated 2 years ago
t-tani / defender2yara
View on GitHub
Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
☆144Updated this week
TheRavenFile / Daily-Hunt
View on GitHub
IOCs collected during day-to-day activities
☆109Updated this week
curated-intel / The-CTI-Research-Guide
View on GitHub
A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners
☆116Oct 29, 2024Updated last year
m4ul3r / malware
View on GitHub
malware written for educational purposes
☆71Dec 31, 2025Updated 2 months ago
xpn / CloudInject
View on GitHub
☆121Nov 21, 2024Updated last year
google / dfiq
View on GitHub
DFIQ is a collection of investigative questions and the approaches for answering them
☆300Jan 17, 2025Updated last year