1,024 results for “topic:threat-hunting”
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Sysmon configuration file template with default high-quality event tracing
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
IntelOwl: manage your Threat Intelligence at scale
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
A curated list of awesome YARA rules, tools, and people.
The Hunting ELK
Malwoverview is a rapid response tool used to gather intelligence information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, and IPInfo, as well as to check for vulnerabilities in Android devices. Now, it also retrieves vulnerability records from NIST.
Rapidly Search and Hunt through Windows Forensic Artefacts
Real-time HTTP Intrusion Detection
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
A repository of sysmon configuration modules
Interesting APT Report Collection And Some Special IOCs
YARA signature and IOC database for my scanners and tools
Windows Events Attack Samples
No description provided.
Repository created to gather information, sources (websites/portals) and OSINT tricks within the Brazilian context.
Your Everyday Threat Intelligence
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Indicators of Compromise from Amnesty International's cyber investigations
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
A curated knowledge base to build, run and mature a SOC (including CSIRT).
A Suricata based NDR distribution
Utilities for Sysmon
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
A resource containing all the tools each ransomware gang uses