Showing 28 of 28 projects
A library of portable detection tests mapped to the MITRE ATT&CK framework for security testing.
An automated cybersecurity platform for adversary emulation, red teaming, and incident response built on the MITRE ATT&CK framework.
An open-source tool that detects capabilities in executable files like malware, identifying behaviors such as backdoor installation or network communication.
A curated list of awesome open-source tools, detection rules, datasets, and resources for threat detection and hunting.
A community-driven open-source project that structures threat hunting workflows using MITRE ATT&CK, Jupyter notebooks, and AI-augmented planning.
A modular repository of Sysmon configuration modules for customizable endpoint detection and logging.
A collection of 200 Windows EVTX event log samples mapped to MITRE ATT&CK techniques for detection testing and threat hunting.
An open-source security automation platform (SOAR) built for security professionals, focusing on collaboration and resource sharing.
A collection of ready-to-use KQL queries for threat hunting, detection, and analytics in Microsoft Defender for Endpoint and Microsoft Sentinel (formerly Azure Sentinel).
An open-source repository of security detections, analytic stories, and response playbooks mapped to MITRE ATT&CK for Splunk Enterprise Security.
A curated list of resources, tools, and frameworks for detection engineering in cybersecurity.
An information security preparedness tool for adversarial simulation using Redis/Celery, Python, and Vagrant.
A framework of Python scripts for blue teams to test detection capabilities against malicious tradecraft modeled after MITRE ATT&CK.
A framework for developing rigorous, documented alerting and detection strategies to improve incident response efficacy.
A modular Linux persistence framework for security research, detection engineering, and penetration testing.
An ATT&CK-like threat matrix mapping adversary tactics and techniques specific to CI/CD pipeline security.
A curated collection of Event ID resources for digital forensics and incident response professionals.
A framework for executing and detecting cloud attacker TTPs via YAML definitions, generating APIs, Sigma rules, and documentation.
A collection of native security controls for major cloud platforms mapped to MITRE ATT&CK techniques to enable threat-informed defense decisions.
A modular OSINT honeypot that monitors adversary reconnaissance attempts and generates early-warning intelligence for blue teams.
A curated list of tools and resources for understanding, detecting, and removing malware persistence techniques across operating systems.
A Python tool for offline detection of Windows persistence mechanisms in forensic collections like KAPE dumps or mounted disk images.
A curated collection of information and tools for detecting, analyzing, and hunting malware persistence mechanisms across operating systems.
An autonomous open-source security agent for Linux that detects, scores, and automatically responds to threats using eBPF, AI, and collaborative defense.
An open-source repository of cybersecurity detection rules and threat identifiers for security teams to enhance threat detection capabilities.
A PowerShell tool for auditing and configuring Windows event log settings to improve security visibility and detection capabilities.
A collection of Splunk SPL queries for detecting vulnerability exploits, malware, and MITRE ATT&CK TTPs in security logs.
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.