Mitre Attack

Platform offering cybersecurity courses for Red, Blue, and Purple Teamers by Picus.

A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel

A Splunk app mapped to MITRE ATT&CK to guide threat hunts.

A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.

A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.

A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.

Interactive online malware sandbox for real-time analysis and threat intelligence

A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.

Deception based detection techniques with MITRE ATT&CK mapping and Honey Resources.

A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.

Define and validate YARA rule metadata with CCCS YARA Specification.

A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.

MITRE Caldera™ is an automated adversary emulation platform built on the MITRE ATT&CK framework that supports red team operations and incident response activities through a modular C2 server and plugin architecture.

XDR platform with endpoint security and threat detection capabilities

Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.

Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.

A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.

A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.

CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.

Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.

A framework for accumulating, describing, and classifying actionable Incident Response techniques

Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.