Browse 2,190 threat detection tools
A cross-platform network detection tool that identifies active Responder tools by sending LLMNR queries for fabricated hostnames.
A Certificate Transparency log monitor that alerts users when SSL/TLS certificates are issued for their domains, helping detect unauthorized certificate issuance and potential security threats.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.
A honeypot system designed to detect and analyze potential security threats
OpenRASP is a runtime application self-protection solution that integrates into application servers to monitor and block threats in real-time using context-aware instrumentation.
A powerful tool for analyzing and visualizing system activity timelines.
AI-powered endpoint security with prevention-first approach and EDR capabilities
nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.
A crawler-based low-interaction client honeypot for exposing website threats.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.
A honeypot agent for running honeypots with service and data at threatwar.com.
AI-powered endpoint protection, detection, and response platform
A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
A command-line tool that analyzes local CloudTrail files to detect off-instance AWS key usage patterns for security monitoring and forensic analysis.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
CINSscore.com provides a threat intelligence database with accurate IP scores and collective defense through data sourced from the community and Sentinel IPS units.