Alternatives and similar repositories for TheThreatHuntLibrary

Users that are interested in TheThreatHuntLibrary are comparing it to the libraries listed below

• cado-security / MalwareAnalysis

  View on GitHub
  MalwareAnalysis
  ☆12Dec 19, 2020Updated 5 years ago
• bgrundy / cheatsheets-forensic

  View on GitHub
  Forensic cheatsheets for use with cheat
  ☆15Dec 2, 2021Updated 4 years ago
• ArsenalRecon / SdbaParser

  View on GitHub
  Parser for Sdba memory pool tags
  ☆21Jul 16, 2021Updated 4 years ago
• tsale / Threat-Intelligence-Playbooks

  View on GitHub
  High-level Threat Intelligence playbooks
  ☆20Mar 6, 2021Updated 4 years ago
• AndrewRathbun / EventTranscript.db-Research

  View on GitHub
  A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
  ☆43Jul 18, 2022Updated 3 years ago
• StupidBird-Code / Malware_Analysize-Tools

  View on GitHub
  Here are some tools I developed to help analyze malware
  ☆11Nov 8, 2023Updated 2 years ago
• woanware / etw-event-dumper

  View on GitHub
  ☆33Feb 26, 2022Updated 3 years ago
• sumeshi / mft2es

  View on GitHub
  A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.
  ☆12Jun 23, 2025Updated 7 months ago
• NVISOsecurity / evtx-hunter

  View on GitHub
  evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
  ☆158Nov 30, 2021Updated 4 years ago
• ashemery / WindowsDFIR

  View on GitHub
  Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…
  ☆77Jul 13, 2021Updated 4 years ago
• gsiddharth29 / Threat-Hunting

  View on GitHub
  Threat Hunt Investigation Methodology and Procedure
  ☆15Jul 11, 2022Updated 3 years ago
• ch33r10 / BlueSpace2021

  View on GitHub
  Ekoparty's BlueSpace Keynote November 2021. Shoutout to @plugxor Muchas Gracias!!!
  ☆13Jun 5, 2023Updated 2 years ago
• ashwin-patil / threat-hunting-with-notebooks

  View on GitHub
  Repository with Sample threat hunting notebooks on Security Event Log Data Sources
  ☆69Dec 2, 2022Updated 3 years ago
• sk4la / plast

  View on GitHub
  Modular command-line threat hunting tool & framework.
  ☆17Jul 20, 2020Updated 5 years ago
• RandomRhythm / mal2csv

  View on GitHub
  Malformed Access Log to CSV - Convert Web Server Access Logs to CSV
  ☆18Sep 3, 2024Updated last year
• laciKE / EsetLogParser

  View on GitHub
  Python script for parsing ESET (NOD32) virlog.dat file.
  ☆14Sep 28, 2017Updated 8 years ago
• ppt0 / easyhunting

  View on GitHub
  Get intelligence info (tags, mitre techniques, yara and more) and find similar malware in a fast and easy way
  ☆19Jun 6, 2022Updated 3 years ago
• omerbenamram / pymft-rs

  View on GitHub
  Python bindings for https://github.com/omerbenamram/mft
  ☆23Dec 23, 2025Updated last month
• GossiTheDog / ThreatHunting

  View on GitHub
  Tools for hunting for threats.
  ☆599Apr 30, 2025Updated 9 months ago
• AndrewRathbun / DFIRRegex

  View on GitHub
  A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
  ☆107Nov 23, 2022Updated 3 years ago
• dwmetz / PSHero

  View on GitHub
  PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
  ☆36Jul 11, 2023Updated 2 years ago
• nasbench / MindMaps

  View on GitHub
  #ThreatHunting #DFIR #Malware #Detection Mind Maps
  ☆304Nov 13, 2021Updated 4 years ago
• EricZimmerman / Sum

  View on GitHub
  ☆20Jan 10, 2025Updated last year
• The-DFIR-Report / cyberchef-recipes

  View on GitHub
  ☆21May 8, 2022Updated 3 years ago
• SecurityAura / Aura-Research

  View on GitHub
  Repo that hold write-ups of various research projects I did and/or overall InfoSec things I investigated/researched.
  ☆21Jan 5, 2025Updated last year
• Kirtar22 / ThreatHunting_with_Osquery

  View on GitHub
  Threat Hunting & Incident Investigation with Osquery
  ☆216Mar 30, 2022Updated 3 years ago
• BushidoUK / Abused-Legitimate-Services

  View on GitHub
  Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups
  ☆60Oct 28, 2022Updated 3 years ago
• AhmedKamal1432 / Evilize

  View on GitHub
  Triaging Windows event logs based on SANS Poster
  ☆46Nov 22, 2025Updated 2 months ago
• ignacioj / mftf

  View on GitHub
  $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility
  ☆38Jul 18, 2024Updated last year
• mgreen27 / DetectRaptor

  View on GitHub
  A repository to share publicly available Velociraptor detection content
  ☆196Updated this week
• NextronSystems / evtx-baseline

  View on GitHub
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆86Dec 17, 2025Updated last month
• AtomicGaryBusey / AzureForensics

  View on GitHub
  ☆33Oct 25, 2021Updated 4 years ago
• OllieJC / tbat

  View on GitHub
  Threat Box Assessment Tool
  ☆19Aug 15, 2021Updated 4 years ago
• swisscom / detections

  View on GitHub
  Threat intelligence and threat detection indicators (IOC, IOA)
  ☆52Nov 27, 2020Updated 5 years ago
• forensiclunch / ETLParser

  View on GitHub
  Binary commandline executable to parse ETL files
  ☆69Jun 7, 2018Updated 7 years ago
• brimorlabs / KStrike

  View on GitHub
  Stand-alone parser for User Access Logging from Server 2012 and newer systems
  ☆78Jan 9, 2024Updated 2 years ago
• hvs-consulting / ioc_signatures

  View on GitHub
  Repository with selected IOCs and YARA rules for threat hunting.
  ☆35May 21, 2025Updated 8 months ago
• invoke-eric / jupyter

  View on GitHub
  Jupyter Notebooks for Cyber Threat Intelligence
  ☆35Sep 14, 2023Updated 2 years ago
• kacos2000 / WindowsTimeline

  View on GitHub
  Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
  ☆196Feb 16, 2023Updated 3 years ago