Threat Hunting
Explore 75 curated tools and resources
LATEST ADDITIONS
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
A comprehensive guide on Linux persistence mechanisms, focusing on scheduled tasks and jobs, their implementation, detection, and hunting strategies.
The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.
Wazuh is an open-source security platform offering unified XDR and SIEM protection for endpoints and cloud workloads, integrating various security functions into a single architecture.
Akamai Hunt is a managed threat hunting service that detects and remediates evasive security risks in network environments using data analysis, AI, and expert investigation.
CrowdStrike Falcon Insight XDR is an AI-powered endpoint detection and response solution that provides comprehensive protection, visibility, and automated response capabilities.
SentinelOne Purple AI is an AI-powered security analyst solution that simplifies threat hunting and investigations, empowers analysts, accelerates security operations, and safeguards data.
Kunai is a Linux-based system monitoring tool that provides real-time monitoring and threat hunting capabilities.
A comprehensive resource for threat hunting in Active Directory environments, covering tracking command-line/PowerShell activity, Kerberoasting detection, auditing attacker activity, and monitoring enterprise command-line activity.
A free and open-source OSINT framework for gathering and analyzing data from various sources
A collection of tools and resources for threat hunters.
A repository to aid Windows threat hunters in looking for common artifacts.
A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
A runtime threat management and attack path enumeration tool for cloud-native environments
A comprehensive Threat Intelligence Program Management Solution for managing the entire CTI lifecycle.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
A Splunk app mapped to MITRE ATT&CK to guide threat hunts.
Threat intelligence and digital risk protection platform
OpenIOC editor for building and manipulating threat intelligence data with support for various systems.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A program to extract IOCs from text files using regular expressions
A collection of YARA rules for research and hunting purposes.
Tool for visualizing correspondences between YARA ruleset and samples
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A PowerShell module for threat hunting via Windows Event Logs
An informational repo about hunting for adversaries in your IT environment.
FireEye Mandiant SunBurst Countermeasures: freely available rules for detecting malicious files and activity
Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.
Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.
A community-driven project sharing detection logic, adversary tradecraft, and resources to make detection development more efficient, following MITRE ATT&CK structure.
Cisco Secure Endpoint is a cloud-native endpoint security solution that provides advanced protection and response to threats.
Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.
Collection of YARA signatures from recent malware research.
Real-time, container-based file scanning system for threat hunting and incident response.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Blue-team capture the flag competition for improving cybersecurity skills.
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
Unified repository for Microsoft Sentinel and Microsoft 365 Defender containing security content, detections, queries, playbooks, and resources to secure environments and hunt for threats.
RiskAnalytics Solutions offers community projects for cyber threat intelligence sharing and collaboration.
INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.
QRadio is a tool/framework designed to consolidate cyber threats intelligence sources.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
Real-time capture the flag (CTF) scoring engine for computer wargames with a fun game-like environment for learning cybersecurity skills.
Level 400 training to become a Microsoft Sentinel Ninja.
Visualize and analyze network relationships with AfterGlow
Windows event log fast forensics timeline generator and threat hunting tool.
Powershell Threat Hunting Module for scanning remote endpoints and collecting comprehensive information.
Open Source Threat Intelligence Gathering and Processing Framework
A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.
Fast suspicious file finder for threat hunting and live forensics.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
PolySwarm is a malware intelligence marketplace that aggregates threat detection engines to provide early detection, unique samples, and higher accuracy.
An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
A container of PCAP captures mapped to the relevant attack tactic
Automatically create yara rules based on images embedded in office documents.
Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.
A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.
Open source web app for storing and searching Actor related data from users and public repositories.
Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security