Threat Hunting
Threat hunting tools and platforms for proactive threat detection, advanced persistent threat (APT) discovery, and security investigation.
Explore 75 curated cybersecurity tools, with 14,802+ visitors searching for solutions
FEATURED
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
RELATED TASKS
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
Automatically curate open-source Yara rules and run scans with YAYA.
Automatically curate open-source Yara rules and run scans with YAYA.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Define and validate YARA rule metadata with CCCS YARA Specification.
Define and validate YARA rule metadata with CCCS YARA Specification.
An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.
An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.
Companion repository for deploying osquery in a production environment with tailored query packs.
Companion repository for deploying osquery in a production environment with tailored query packs.
Visualize and analyze network relationships with AfterGlow
Powershell Threat Hunting Module for scanning remote endpoints and collecting comprehensive information.
Powershell Threat Hunting Module for scanning remote endpoints and collecting comprehensive information.
Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.
Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.
JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.
JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.
Official repository of YARA rules for threat detection and hunting
Official repository of YARA rules for threat detection and hunting
A network recon framework including tools for passive and active recon
A network recon framework including tools for passive and active recon
Fast suspicious file finder for threat hunting and live forensics.
A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.
A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.
A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.
A recognition framework for identifying products, services, operating systems, and hardware by matching fingerprints against network probes.
A recognition framework for identifying products, services, operating systems, and hardware by matching fingerprints against network probes.
Management portal for LoKi scanner with centralized database for scanning activities.
Management portal for LoKi scanner with centralized database for scanning activities.
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
PlumHound is a reporting engine that converts BloodHoundAD's Neo4J queries into operational security reports for analyzing Active Directory vulnerabilities and attack paths.
PlumHound is a reporting engine that converts BloodHoundAD's Neo4J queries into operational security reports for analyzing Active Directory vulnerabilities and attack paths.
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
TrailBlazer analyzes AWS CloudTrail logging behavior by systematically testing API calls across services to determine what gets logged and how it appears in CloudTrail.
TrailBlazer analyzes AWS CloudTrail logging behavior by systematically testing API calls across services to determine what gets logged and how it appears in CloudTrail.
TRENDING CATEGORIES
Stay Updated with Mandos Brief
Get the latest cybersecurity updates in your inbox
POPULAR
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Security platform that provides protection, monitoring and governance for enterprise generative AI applications and LLMs against various threats including prompt injection and data poisoning.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.