Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Updated Mar 17, 2023 - Python
Malwoverview is a first response tool used for threat hunting. It offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage and InQuest, and it is able to scan Android devices against VT.
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.
Actionable analytics designed to combat threats
A Cloud Forensics PowerShell module to run threat hunting playbooks on data from Azure and O365
The open-source pipeline and storage engine for security.
A robust and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
Detecting ATT&CK techniques & tactics for Linux
Artifact collection tool for *nix systems
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Enhance your malware detection with WAF + YARA (WAFARAY)
The FASTEST way to consume threat intel.
Collection of Dashboards for Threat Hunting and more!
Volatility MindMap & Cheat Sheet
Library of threat hunts to get any user started!
Detect leaks in security event logs.
Tiny proof-of-concept PowerShell script to do threat hunting using ChatGPT (text-davinci-003)
This is a simple Python script that connects to a MISP instance and retrieves attributes of specific types (such as IP addresses, URLs, and hashes). The retrieved attributes are then written to separate files.
Lightweight Endpoint Detection & Response (EDR) Framework
Project to Support The Hunter's Framework (THF)