ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

updated at May 12, 2024, 10:41 a.m.

370 +0

3,877 +3

796 +1

fleet by fleetdm

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)

updated at May 12, 2024, 9:56 a.m.

31 -1

2,180 +19

351 -1

RegRipper3.0 by keydet89

RegRipper3.0

updated at May 12, 2024, 8:13 a.m.

27 +0

488 +5

120 +1

sigma by SigmaHQ

Main Sigma Rule Repository

updated at May 12, 2024, 6:07 a.m.

327 +0

7,670 +16

2,102 +9

radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

updated at May 12, 2024, 5:08 a.m.

483 -2

19,678 +20

2,938 +1

APTSimulator by NextronSystems

A toolset to make a system look as if it was the victim of an APT attack

updated at May 12, 2024, 4:22 a.m.

120 +0

2,379 +6

416 +2

MalConfScan by JPCERTCC

Volatility plugin for extracts configuration data of known malware

updated at May 12, 2024, 3:33 a.m.

36 +0

469 +1

68 +0

fibratus by rabbitstack

A modern tool for Windows kernel exploration and tracing with a focus on security

updated at May 12, 2024, 3:07 a.m.

72 +0

2,085 +9

183 +0

awesome-forensics by cugu

A curated list of awesome forensic analysis tools and resources

updated at May 12, 2024, 2:25 a.m.

167 +0

3,600 +4

594 +0

artifacts by ForensicArtifacts

Digital Forensics artifact repository

updated at May 12, 2024, 1:53 a.m.

73 -1

985 +1

202 +0

atomic-red-team by redcanaryco

Small and highly portable detection tests based on MITRE's ATT&CK.

updated at May 11, 2024, 11:17 p.m.

344 +1

9,109 +23

2,676 +8

sysmon-modular by olafhartong

A repository of sysmon configuration modules

updated at May 11, 2024, 11:13 p.m.

164 +0

2,497 +4

567 +0

volatility by volatilityfoundation

An advanced memory forensics framework

updated at May 11, 2024, 9:42 p.m.

308 +0

6,948 +9

1,252 +2

WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

updated at May 11, 2024, 9:15 p.m.

17 +1

678 +0

74 +0

cuckoo by cuckoosandbox

Cuckoo Sandbox is an automated dynamic malware analysis system

updated at May 11, 2024, 9:13 p.m.

435 +0

5,423 +7

1,688 -2

RedHunt-OS by redhuntlabs

Virtual Machine for Adversary Emulation and Threat Hunting

updated at May 11, 2024, 5:25 p.m.

85 +0

1,199 +3

183 +1

Fenrir by Neo23x0

Simple Bash IOC Scanner

updated at May 11, 2024, 4:07 p.m.

39 +0

662 +2

103 +0

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

updated at May 11, 2024, 3:58 p.m.

187 +0

3,251 +3

575 +1

mac_apt by ydkhatri

macOS (& ios) Artifact Parsing Tool

updated at May 11, 2024, 9:42 a.m.

44 +0

719 +1

99 +0

HELK by Cyb3rWard0g

The Hunting ELK

updated at May 11, 2024, 6:28 a.m.

216 +0

3,702 +3

673 +1