COLLECTED BY
Organization:
Internet Archive
Focused crawls are collections of frequently-updated webcrawl data from narrow (as opposed to broad or wide) web crawls, often focused on a single domain or subdomain.
The Wayback Machine - http://web.archive.org/web/20200917141353/https://github.com/topics/threat-hunting
Here are
181 public repositories
matching this topic...
MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform)
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Updated
Sep 16, 2020
Python
Sysmon configuration file template with default high-quality event tracing
Updated
Sep 17, 2020
Jupyter Notebook
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
Updated
Sep 17, 2020
Python
A curated list of awesome threat detection and hunting resources
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Updated
Sep 16, 2020
Python
A curated list of awesome YARA rules, tools, and people.
Signature base for my scanner tools
Updated
Sep 11, 2020
YARA
Your Everyday Threat Intelligence
Updated
Sep 15, 2020
Python
Windows Events Attack Samples
Updated
Sep 16, 2020
PowerShell
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Updated
Sep 14, 2020
Python
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Updated
Jul 28, 2020
Python
A Linux Auditd rule set mapped to MITRE's Attack Framework
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
An Active Defense and EDR software to empower Blue Teams
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
Updated
Feb 20, 2019
Batchfile
FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
Updated
Nov 4, 2019
Python
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Extract and aggregate threat intelligence.
Updated
Sep 14, 2020
Python
A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
Updated
Feb 27, 2020
PowerShell
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Clusters and elements to attach to MISP events or attributes (like threat actors)
Updated
Sep 17, 2020
Python
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
Updated
Nov 8, 2019
PowerShell
Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Updated
Jan 25, 2020
Python
Improve this page
Add a description, image, and links to the
threat-hunting
topic page so that developers can more easily learn about it.
Curate this topic
Add this topic to your repo
To associate your repository with the
threat-hunting
topic, visit your repo's landing page and select "manage topics."
Learn more
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.
You signed out in another tab or window. Reload to refresh your session.
I was wondering the benefit of using Modular File Management vs Single Config File Management? Why do you consider it easier to use multiple files and then compile? Trying to figure out what the best case is for my use case. Thanks. #