tropChaud / Categorized-Adversary-TTPsView external linksLinks
Merge of two major cyber adversary datasets, MITRE ATT&CK and ETDA/ThaiCERT Threat Actor Cards, enabling victim/motivation-adversary-technique pivoting.
☆54Jul 31, 2022Updated 3 years ago
Alternatives and similar repositories for Categorized-Adversary-TTPs
Users that are interested in Categorized-Adversary-TTPs are comparing it to the libraries listed below
Sorting:
- Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" json files.☆36Aug 12, 2022Updated 3 years ago
- Generate portable TTP intelligence from a web-based report☆31Oct 24, 2022Updated 3 years ago
- A library of reference materials, tools, and other resources to aid threat profiling, threat quantification, and cyber adversary defense☆103Dec 13, 2023Updated 2 years ago
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique☆69Mar 17, 2024Updated last year
- Blackcert monitors Certificate Transparency Logs for a keyword. Blackcert collects any certificate changes for this keyword and also chec…☆10Dec 8, 2022Updated 3 years ago
- A PowerShell script that checks for dangerous ACLs on system hives and shadows☆28Jul 21, 2021Updated 4 years ago
- ☆14Mar 5, 2021Updated 4 years ago
- Tool to read EVTX files including SYSMON and convert to JSON, MISP Objects and Graph stream☆12Oct 29, 2020Updated 5 years ago
- Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.☆32Nov 23, 2025Updated 2 months ago
- Converts Sigma detection rules to a Splunk alert configuration.☆12Jul 1, 2021Updated 4 years ago
- MISP to Splunk Enterprise Security Theat Intelligence Framework Integration☆14Jul 11, 2023Updated 2 years ago
- Proof-of-concept for phishing intelligence in Elastic☆15Apr 30, 2019Updated 6 years ago
- Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques☆142Feb 25, 2024Updated last year
- ☆19Aug 2, 2020Updated 5 years ago
- Helping Incident Responders hunt for potential persistence mechanisms on UNIX-based systems.☆17Oct 28, 2023Updated 2 years ago
- TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE AT…☆545May 6, 2025Updated 9 months ago
- User Feedback Space of #MitreAssistant☆38May 19, 2023Updated 2 years ago
- A Splunk App containing Sigma detection rules, which can be updated from a Git repository.☆111Feb 6, 2020Updated 6 years ago
- LetMeOutOfYour.net Resources☆21Jul 15, 2020Updated 5 years ago
- This script provides a Python library with methods to authenticate to various sources of threat intelligence and query IPs for the latest…☆18Feb 16, 2025Updated 11 months ago
- The Threat Actor Profile Guide for CTI Analysts☆116Jul 15, 2023Updated 2 years ago
- petit "playbook" qui pourrait servir de base à une réponse à incident lors d'une attaque de type ransomware☆21Aug 30, 2022Updated 3 years ago
- Send High & New Incidents to The Hive incident management Platform☆18Feb 13, 2021Updated 5 years ago
- High-level Threat Intelligence playbooks☆20Mar 6, 2021Updated 4 years ago
- Analysis of syscall sequence pattern from exploit codes for advanced system call sequence filtering for enhanced container security☆16May 21, 2023Updated 2 years ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…☆21Oct 25, 2023Updated 2 years ago
- Threat Box Assessment Tool☆19Aug 15, 2021Updated 4 years ago
- Splunk App for MITRE Att&CK Navigator(TM)☆23Mar 25, 2021Updated 4 years ago
- ☆78Sep 29, 2025Updated 4 months ago
- Scripts and tools accompanying HP Threat Research blog posts and reports.☆50Apr 10, 2024Updated last year
- Microsoft Flow Attack Framework☆23Nov 14, 2019Updated 6 years ago
- Rules generated from our investigations.☆204Jun 17, 2025Updated 7 months ago
- C# utility that uses WMI to run "cmd.exe /c netstat -n", save the output to a file, then use SMB to read and delete the file remotely☆38Jan 3, 2020Updated 6 years ago
- AI-Powered, Local Pythonic Coding Agent 🐞💻☆24Mar 3, 2025Updated 11 months ago
- Detect Tactics, Techniques & Combat Threats☆2,263Jan 21, 2026Updated 3 weeks ago
- Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)☆24Mar 3, 2023Updated 2 years ago
- ☆99Sep 16, 2022Updated 3 years ago
- The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…☆154Apr 25, 2022Updated 3 years ago
- CarbonBlack EDR detection rules and response actions☆73Sep 10, 2024Updated last year