A lightweight Bash script for scanning Linux/Unix/OSX systems for Indicators of Compromise (IOCs) without installation.
A Python tool to analyze, explore, and revive malicious HTTP traffic from PCAP files for security research.
A PowerShell suite for remote Windows incident response and hunting using CIM/WMI, requiring no agent deployment.
A curated collection of Event ID resources for digital forensics and incident response professionals.
An open-source framework for detecting command and control communication through network traffic analysis using Zeek logs.
Open-source detection rules, written for multiple security tools, for identifying SolarWinds SUNBURST backdoor activity and the related vulnerabilities it exploited.
A self-hosted incident response platform that automates alert handling and ticket management for security teams.
An open-source platform for collecting, processing, and analyzing forensic artifacts from macOS, Windows, and Linux systems.
A PowerShell module collection for agentless artifact gathering and reconnaissance on Windows endpoints.
A lightweight investigation notebook for security analysts to document and track threat intelligence.
A collection of prescriptive recipes for preparing and applying countermeasures against cyber threats and attacks.
A browser extension that streamlines security investigations by providing quick lookups for IPs, domains, hashes, and other indicators.
A collection of Splunk SPL queries and prototypes for threat hunting and detection engineering.
A PowerShell module for remote endpoint threat hunting, scanning for indicators of compromise and collecting system state information.
A curated list of tools and resources for understanding, detecting, and removing malware persistence techniques across operating systems.
A pub-sub broker for threat intelligence data that connects open-source security tools like OpenCTI, MISP, Zeek, and VAST.
A lightweight incident response tool for rapid suspicious file discovery during threat hunting and forensic triage.
A command-line tool for macOS persistence mechanism emulation and testing, designed for threat hunters.
A Python tool for advanced analysis of Windows AppCompat/AmCache forensic artifacts, enabling threat hunting beyond basic grep techniques.
A Python script that uses Volatility to analyze malware memory footprints by comparing Windows memory images before and after infection.
A curated collection of information and tools for detecting, analyzing, and hunting malware persistence mechanisms across operating systems.
Suricata rules for network anomaly detection and threat hunting.
A Python-based multithreaded threat intelligence gathering tool that collects, stores, and serves indicators of compromise from various sources.
An autonomous open-source security agent for Linux that detects, scores, and automatically responds to threats using eBPF, AI, and collaborative defense.
An open-source repository of cybersecurity detection rules and threat identifiers for security teams to enhance threat detection capabilities.
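Several entries above (the Zeek-based command-and-control detection framework, the Suricata rules, the Splunk hunting queries) rely on the same underlying idea: malware that calls home tends to connect to its controller at a regular cadence, which stands out against the irregular timing of human-driven traffic. The following is an added example, not code from any project in this catalog, showing that periodicity check over Zeek conn.log records. The log is a constructed, abbreviated conn.log (only the `ts`, `uid`, `id.*` and `proto` columns); the thresholds `min_connections` and `max_cv` are assumed values, not defaults from any tool.

```python
"""Periodicity ("beaconing") check over Zeek conn.log records.

Added example: this is not code from the C2 detection framework listed
above. SAMPLE_CONN_LOG is a constructed, abbreviated Zeek conn.log.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed input. Flow A (10.0.0.5 -> 203.0.113.7:443) connects every
# ~60 s with small jitter; flow B (10.0.0.9 -> 198.51.100.20:80) is
# irregular; flow C (10.0.0.11 -> 192.0.2.9:53) is regular but has only
# three records, so it stays below the connection-count threshold.
SAMPLE_CONN_LOG = """\
#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
#types\ttime\tstring\taddr\tport\taddr\tport\tenum
1700000000.10\tCa1\t10.0.0.5\t50001\t203.0.113.7\t443\ttcp
1700000001.00\tCc1\t10.0.0.11\t53001\t192.0.2.9\t53\tudp
1700000005.00\tCb1\t10.0.0.9\t40001\t198.51.100.20\t80\ttcp
1700000017.00\tCb2\t10.0.0.9\t40002\t198.51.100.20\t80\ttcp
1700000031.00\tCc2\t10.0.0.11\t53002\t192.0.2.9\t53\tudp
1700000060.12\tCa2\t10.0.0.5\t50002\t203.0.113.7\t443\ttcp
1700000061.00\tCc3\t10.0.0.11\t53003\t192.0.2.9\t53\tudp
1700000120.05\tCa3\t10.0.0.5\t50003\t203.0.113.7\t443\ttcp
1700000180.20\tCa4\t10.0.0.5\t50004\t203.0.113.7\t443\ttcp
1700000240.08\tCa5\t10.0.0.5\t50005\t203.0.113.7\t443\ttcp
1700000300.00\tCb3\t10.0.0.9\t40003\t198.51.100.20\t80\ttcp
1700000300.15\tCa6\t10.0.0.5\t50006\t203.0.113.7\t443\ttcp
1700000310.00\tCb4\t10.0.0.9\t40004\t198.51.100.20\t80\ttcp
1700000900.00\tCb5\t10.0.0.9\t40005\t198.51.100.20\t80\ttcp
#close\t2023-11-14-22-15-00
"""


def parse_conn_log(text):
    """Parse a Zeek TSV conn.log into dicts keyed by the #fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue  # separator, types, close and blank lines carry no records
        if fields is None:
            raise ValueError("conn.log has no #fields header before data rows")
        row = dict(zip(fields, line.split("\t")))
        row["ts"] = float(row["ts"])
        row["id.orig_p"] = int(row["id.orig_p"])
        row["id.resp_p"] = int(row["id.resp_p"])
        records.append(row)
    return records


def beacon_candidates(records, min_connections=5, max_cv=0.1):
    """Return flows whose inter-connection gaps are unusually regular.

    Flows are keyed on (source host, destination host, destination port,
    proto). Regularity is measured as the coefficient of variation
    (stdev / mean) of the gaps between consecutive connections; a beacon
    with little jitter scores close to 0. Both thresholds are assumed
    values for this example, not defaults from any tool.
    """
    flows = defaultdict(list)
    for r in records:
        key = (r["id.orig_h"], r["id.resp_h"], r["id.resp_p"], r["proto"])
        flows[key].append(r["ts"])

    hits = []
    for key, stamps in flows.items():
        if len(stamps) < min_connections:
            continue  # too few samples to call the timing regular
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; no cadence to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append({
                "flow": key,
                "connections": len(stamps),
                "mean_interval_s": round(avg, 2),
                "cv": round(cv, 4),
            })
    return sorted(hits, key=lambda h: h["cv"])


def run_example():
    """Apply the check to the constructed log with the default thresholds."""
    return beacon_candidates(parse_conn_log(SAMPLE_CONN_LOG))


if __name__ == "__main__":
    for hit in run_example():
        print(hit)
```

On the constructed log only flow A is reported: six connections about 60 s apart with a coefficient of variation near 0.002. Flow C has a perfectly regular 30 s cadence but only three records, which illustrates why the connection-count floor matters; lowering `min_connections` to 3 makes it a second hit. In real traffic, software updaters, NTP and monitoring agents beacon just as regularly, so a check like this is a triage filter that feeds the destination into reputation and frequency analysis, not a verdict on its own.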
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.