Threat Detection
Browse 1,669 threat detection tools
FEATURED
A collection of YARA rules for public use, built from intelligence profiles and file work.
A collection of YARA rules for public use, built from intelligence profiles and file work.
A Go-based honeypot that mimics Intel's AMT management service to detect and log exploitation attempts targeting the CVE-2017-5689 firmware vulnerability.
A Go-based honeypot that mimics Intel's AMT management service to detect and log exploitation attempts targeting the CVE-2017-5689 firmware vulnerability.
Fake protocol server simulator supporting 50+ network protocols for deception
Fake protocol server simulator supporting 50+ network protocols for deception
YARA rules for ProcFilter to detect malware and threats
VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.
VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.
Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.
Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.
Comprehensive cybersecurity platform for hybrid and multi-cloud environments
Comprehensive cybersecurity platform for hybrid and multi-cloud environments
A cross-platform network detection tool that identifies active Responder tools by sending LLMNR queries for fabricated hostnames.
A cross-platform network detection tool that identifies active Responder tools by sending LLMNR queries for fabricated hostnames.
A Certificate Transparency log monitor that alerts users when SSL/TLS certificates are issued for their domains, helping detect unauthorized certificate issuance and potential security threats.
A Certificate Transparency log monitor that alerts users when SSL/TLS certificates are issued for their domains, helping detect unauthorized certificate issuance and potential security threats.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.
A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.
A honeypot system designed to detect and analyze potential security threats
A honeypot system designed to detect and analyze potential security threats
OpenRASP is a runtime application self-protection solution that integrates into application servers to monitor and block threats in real-time using context-aware instrumentation.
OpenRASP is a runtime application self-protection solution that integrates into application servers to monitor and block threats in real-time using context-aware instrumentation.
A powerful tool for analyzing and visualizing system activity timelines.
A powerful tool for analyzing and visualizing system activity timelines.
AI-powered endpoint security with prevention-first approach and EDR capabilities
AI-powered endpoint security with prevention-first approach and EDR capabilities
nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.
nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.
A crawler-based low-interaction client honeypot for exposing website threats.
A crawler-based low-interaction client honeypot for exposing website threats.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
A honeypot agent for running honeypots with service and data at threatwar.com.
A honeypot agent for running honeypots with service and data at threatwar.com.
AI-powered endpoint protection, detection, and response platform
AI-powered endpoint protection, detection, and response platform
