Threat Intelligence

Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.

HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.

A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.

A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.

PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.

KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.

MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.

A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.

Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.

Enterprise security platform for hybrid mesh networks and AI transformation

An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.

A python3 application for querying sites hosting publicly pasted data and scanning for sensitive information.

Enterprise cloud security platform for endpoint, network, email & data protection

Unified security platform with EPP, EDR, XDR, and MDR capabilities

Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.

n6 is a network security incident exchange system that collects, manages, and distributes threat and incident data through REST API and web interfaces for authorized users.

A set of rules for detecting threats in various formats, including Snort, Yara, ClamAV, and HXIOC.

npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.

A collection of public YARA signatures for various malware families.

Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.

OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.

nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.

VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.

Knowledge base workflow management dashboard for YARA rules and C2 artifacts.