A curated list of amazingly awesome open source intelligence (OSINT) tools and resources for cyber threat intelligence and investigations.
A generic and open signature format for describing log event detections, shareable across SIEM systems.
A curated list of tools and resources for digital forensics and incident response (DFIR) teams.
An open-source platform for collecting, storing, sharing, and acting upon cybersecurity threat intelligence and indicators.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation.
A high-quality, commented Sysmon configuration template for Windows system monitoring and incident investigation.
A curated list of awesome open-source tools, detection rules, datasets, and resources for threat detection and hunting.
A community-driven open-source project that structures threat hunting workflows using MITRE ATT&CK, Jupyter notebooks, and AI-augmented planning.
A curated list of awesome YARA rules, tools, and resources for malware researchers and security professionals.
An open-source threat hunting platform with advanced analytics capabilities built on ELK stack, Apache Spark, and Jupyter notebooks.
A simple IOC and YARA scanner for detecting malware and security threats via file names, hashes, YARA rules, and C2 connections.
A fast, standalone tool for rapid threat hunting and forensic analysis of Windows event logs and other forensic artefacts.
A Sigma-based threat hunting and fast forensics timeline generator for Windows event logs, written in Rust.
A Linux distribution for threat hunting, enterprise security monitoring, and log management.
A modular repository of Sysmon configuration modules for customizable endpoint detection and logging.
A curated list of free, hands-on educational resources for learning cybersecurity through practical exercises and CTF challenges.
A PowerShell toolkit for attacking, auditing, and securing Microsoft SQL Server environments during penetration tests.
Snort and YARA rules to detect attacks using FireEye's red team tools, released after their 2020 breach disclosure.
A public repository for developing, testing, and maintaining detection rules for Elastic Security's SIEM, with tools for Detections as Code.
A collection of 200 Windows EVTX event log samples mapped to MITRE ATT&CK techniques for detection testing and threat hunting.
A PowerShell module for threat hunting and detecting malicious activity via Windows Event Logs.
A PowerShell module for Blue Teams, Incident Responders, and System Administrators to hunt persistence techniques implanted in Windows machines.
A forensics intelligence platform that bridges CTI and DFIR by storing threat intelligence and enabling bulk observable searches and threat-focused analysis.
A forensic evidence collection and analysis toolkit for macOS, gathering system data to investigate potential infections.
A collection of ready-to-use KQL queries for threat hunting, detection, and analytics in Microsoft Defender for Endpoint and Azure Sentinel.
An open source, serverless security data lake for AWS that normalizes logs, enables detection-as-code, and supports petabyte-scale threat hunting.
A modular PowerShell framework for enterprise incident response and breach hunting using remote data collection.
A collection of real-world malware samples, analysis exercises, and training resources for cybersecurity education and research.
A threat hunting tool that analyzes Windows event logs to detect APT movements and suspicious activity using pre-defined rules and statistical analysis.
A pre-configured Linux virtual machine for adversary emulation and threat hunting with attacker and defender toolkits.
A curated list of resources, tools, and frameworks for detection engineering in cybersecurity.
A curated, vendor-neutral collection of free annual cybersecurity analysis and survey reports from trusted sources.
Scans files and process memory for Cobalt Strike beacons and extracts their configuration.