Threat Hunting

PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.

HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.

A program to extract IOCs from text files using regular expressions

A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.

A collection of YARA rules for research and hunting purposes.

Tool for visualizing correspondences between YARA ruleset and samples

A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.

A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.

A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.

FireEye Mandiant SunBurst Countermeasures: freely available rules for detecting malicious files and activity

Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.

Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.

Lists of sources and utilities to hunt, detect, and prevent evildoers.

A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.

Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.

Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.

Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.

Repository of scripts, signatures, and IOCs related to various malware analysis topics.

A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.

ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.

A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.

Cisco Secure Endpoint is a cloud-native endpoint security solution that provides advanced protection and response to threats.

Unified defense platform providing endpoint protection, extended detection and response, threat hunting, and digital forensics and incident response.

Collection of YARA signatures from recent malware research.