An informational repo about hunting for adversaries in your IT environment.
☆14Apr 10, 2017Updated 8 years ago
Alternatives and similar repositories for ThreatHunting
Users that are interested in ThreatHunting are comparing it to the libraries listed below
Sorting:
- mindmap created for tools can be used during analysis/investigation☆28Jan 4, 2017Updated 9 years ago
- Checks observables/ioc in TheHive/Cortex against the MISP warningslists☆14Dec 27, 2017Updated 8 years ago
- My Year of Python Repository☆28Jun 13, 2020Updated 5 years ago
- Various DFIR Tools☆27Jul 23, 2018Updated 7 years ago
- Recover event log entries from an image by heurisitically looking for record structures.☆26Oct 9, 2015Updated 10 years ago
- ircollect☆31Aug 7, 2013Updated 12 years ago
- Use DNS to hunt for threats including DGAs☆15Jan 4, 2016Updated 10 years ago
- Modified edition of cuckoo☆18Feb 14, 2018Updated 8 years ago
- Wrapper for TSK (Sleuth Kit) Bindings☆12Jan 10, 2023Updated 3 years ago
- Tool to parse SRU database☆25Mar 1, 2018Updated 8 years ago
- My personal experience in Threat Hunting and knowledge gained so far.☆19May 27, 2017Updated 8 years ago
- Collection of malware ioc hashes from blog posts. A Python script is provided to search through it.☆19Sep 10, 2020Updated 5 years ago
- DeployREMnux is a Python script that will deploy a cloud instance of the public REMnux distribution in the Amazon cloud (AWS).☆16Dec 20, 2019Updated 6 years ago
- A collection of Cortex Analyzers and Responders for TheHive/Cortex☆13Jan 29, 2020Updated 6 years ago
- clx overlay☆11Mar 5, 2026Updated 2 weeks ago
- The repository contains IOCs in CSV format for APT, Cyber Crimes, Malware and Trojan and whatever I found as part of hunting and research☆12Jun 10, 2017Updated 8 years ago
- Integrating Sysinternals Autoruns’ logs into Security Onion☆31Feb 20, 2024Updated 2 years ago
- Simple Microsoft Windows sessions event logs visualization☆156May 2, 2022Updated 3 years ago
- DeepToad is a library and a tool to clusterize similar files using fuzzy hashing☆20Apr 5, 2020Updated 5 years ago
- extract and parse WEVT_TEMPLATEs from PE files☆18Dec 30, 2023Updated 2 years ago
- PERCEIVE is a project incubator inspired by Apache Incubator and Stack Exchange's Area 51. It serves as a staging zone repository for the…☆13May 21, 2018Updated 7 years ago
- Collection of best practices to add OSINT into MISP and/or MISP communities☆65Sep 29, 2023Updated 2 years ago
- Easily create index of your SANS books☆18Oct 28, 2022Updated 3 years ago
- Collection of scripts, patterns, tips, notes, etc for Obsidian.md users☆14Mar 5, 2025Updated last year
- API to access the Redis database of a BGP Ranking instance.☆17Dec 11, 2017Updated 8 years ago
- Parses the FireEye HX .mans triage collections and sends them to ElasticSearch☆17Feb 17, 2023Updated 3 years ago
- Top DNS Measurement for Bro☆10Aug 22, 2020Updated 5 years ago
- Visualization of interaction between entities☆16Nov 28, 2016Updated 9 years ago
- VirusTotal SIEM Integration and Automation☆18Jan 16, 2017Updated 9 years ago
- A script to create and assign SOP tasks into the cases☆20Aug 16, 2020Updated 5 years ago
- Kibana 5 Templates for Suricata IDPS☆43May 30, 2018Updated 7 years ago
- Bootable Gentoo image for USB armory, with Linux 4.3.0☆12Mar 25, 2017Updated 8 years ago
- \ PowerAvails Powershell /☆10Jun 30, 2018Updated 7 years ago
- Generate JSON force-directed/ node graph data from MITRE's ATTACK framework and visualize it interactively☆38Apr 19, 2025Updated 11 months ago
- Mobile detector for radiation mapping - similar to SAFECAST bGeigie Nano☆15Oct 2, 2025Updated 5 months ago
- Tool for analysis of Windows Prefetch files☆26Nov 11, 2018Updated 7 years ago
- Monitoring tool for PasteBin-alike sites written in Python. Inspired by pastemon http://github.com/xme/pastemon☆44Jan 31, 2021Updated 5 years ago
- http://moaistory.blogspot.com/2016/08/ie10analyzer.html☆19Jul 20, 2024Updated last year
- Indicator of Compromise Mapping Service☆12Apr 15, 2014Updated 11 years ago