Library of threat hunts to get any user started!
☆50Sep 4, 2020Updated 5 years ago
Alternatives and similar repositories for TheThreatHuntLibrary
Users that are interested in TheThreatHuntLibrary are comparing it to the libraries listed below
Sorting:
- MalwareAnalysis☆12Dec 19, 2020Updated 5 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Parser for Sdba memory pool tags☆21Jul 16, 2021Updated 4 years ago
- High-level Threat Intelligence playbooks☆20Mar 6, 2021Updated 5 years ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆43Jul 18, 2022Updated 3 years ago
- Here are some tools I developed to help analyze malware☆11Nov 8, 2023Updated 2 years ago
- ☆33Feb 26, 2022Updated 4 years ago
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.☆12Jun 23, 2025Updated 8 months ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆158Nov 30, 2021Updated 4 years ago
- Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…☆77Jul 13, 2021Updated 4 years ago
- Threat Hunt Investigation Methodology and Procedure☆15Jul 11, 2022Updated 3 years ago
- Ekoparty's BlueSpace Keynote November 2021. Shoutout to @plugxor Muchas Gracias!!!☆13Jun 5, 2023Updated 2 years ago
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV☆18Sep 3, 2024Updated last year
- Modular command-line threat hunting tool & framework.☆17Jul 20, 2020Updated 5 years ago
- Repository with Sample threat hunting notebooks on Security Event Log Data Sources☆69Dec 2, 2022Updated 3 years ago
- Get intelligence info (tags, mitre techniques, yara and more) and find similar malware in a fast and easy way☆19Jun 6, 2022Updated 3 years ago
- Python script for parsing ESET (NOD32) virlog.dat file.☆14Sep 28, 2017Updated 8 years ago
- Python bindings for https://github.com/omerbenamram/mft☆23Dec 23, 2025Updated 2 months ago
- Tools for hunting for threats.☆599Apr 30, 2025Updated 10 months ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆107Nov 23, 2022Updated 3 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- #ThreatHunting #DFIR #Malware #Detection Mind Maps☆304Nov 13, 2021Updated 4 years ago
- ☆20Jan 10, 2025Updated last year
- ☆21May 8, 2022Updated 3 years ago
- Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups☆60Oct 28, 2022Updated 3 years ago
- Threat Hunting & Incident Investigation with Osquery☆216Mar 30, 2022Updated 3 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆38Jul 18, 2024Updated last year
- Triaging Windows event logs based on SANS Poster☆47Nov 22, 2025Updated 3 months ago
- A repository to share publicly available Velociraptor detection content☆196Updated this week
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆86Dec 17, 2025Updated 2 months ago
- Repo that hold write-ups of various research projects I did and/or overall InfoSec things I investigated/researched.☆22Jan 5, 2025Updated last year
- ☆33Oct 25, 2021Updated 4 years ago
- Threat Box Assessment Tool☆19Aug 15, 2021Updated 4 years ago
- Binary commandline executable to parse ETL files☆69Jun 7, 2018Updated 7 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆52Nov 27, 2020Updated 5 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆78Jan 9, 2024Updated 2 years ago
- Repository with selected IOCs and YARA rules for threat hunting.☆35May 21, 2025Updated 9 months ago
- Jupyter Notebooks for Cyber Threat Intelligence☆35Sep 14, 2023Updated 2 years ago
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)☆196Feb 16, 2023Updated 3 years ago