#Threat-hunting
Showing 60 of 141 repositories tagged #threat-hunting, ranked by stars
817 structured cybersecurity skills for AI agents · Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & MITRE F3 (Fight Fraud) · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 29 security domains · Apache 2.0
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
IntelOwl: manage your Threat Intelligence at scale
A curated list of awesome YARA rules, tools, and people.
Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, IPInfo, Shodan, AbuseIPDB, GreyNoise, URLScan.io, Whois/RDAP, NIST, and VulnCheck. Supports LLM enrichment, IOC extraction, YARA scanning, and Android analysis.
The Hunting ELK
Rapidly Search and Hunt through Windows Forensic Artefacts
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Real-time HTTP Intrusion Detection
Interesting APT Report Collection And Some Special IOCs
Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.
A curated knowledge base to build, run and mature a SOC (including CSIRT).
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Awesome Security lists for SOC/CERT/CTI
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
A Suricata based NDR distribution
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
A resource containing all the tools each ransomware gangs uses
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
An Active Defense and EDR software to empower Blue Teams
Watcher - Open Source AI-powered Cyber Threat Intelligence & Hunting Platform. Developed with Django & React JS.
🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.
A curated list of annual cyber security reports
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.
Repositório criado com intuito de reunir expressões regulares dentro do contexto Brasil
Extract and aggregate threat intelligence.
Open source platform for cyber security analysts with many features for threat intelligence and detection engineering.
A collection of resources for Threat Hunters
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
Live Feed of C2 servers, tools, and botnets
SIEM Tactics, Techiques, and Procedures
Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析,进程扫描,主机信息于一体的综合应急响应分析工具
FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
Scirius is a web application for Suricata ruleset management and threat hunting.
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
常见的攻击行为监测特征及方法,涵盖端点和流量,未包含PowerShell和Sysmon。预祝运营生活愉快!
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Clusters and elements to attach to MISP events or attributes (like threat actors)
Malware Sample Sources
Production-ready detection & response queries for osquery
A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
Cover various security approaches to attack techniques and also provides new discoveries about security breaches.
A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
A powerful and user-friendly browser extension that streamlines investigations for security professionals.
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Detects process injection and memory manipulation used by malware. Finds RWX regions, shellcode patterns, API hooks, thread hijacking, and process hollowing. Built in Rust for speed. Includes CLI and TUI interfaces.
Bringing you the best of the worst files on the Internet.
:keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.