APT-Hunter is a Threat Hunting tool for Windows event logs which made by purple team mindset to detect APT movements hidden in the sea of Windows event logs to decrease the time to uncover suspicious activity. APT-Hunter uses pre-defined detection rules and focuses on statistics to uncover abnormalities which is very effective in compromise assessment. The output produced with a timeline that can be analyzed directly from Excel, Timeline Explorer, Timesketch, etc... Full information about the tool and how it's used in this article: introducing-apt-hunter-threat-hunting-tool-using-windows-event-log New Release Info: APT-HUNTER V3.0: Rebuilt with Multiprocessing and new cool features Author Twitter: @ahmed_khlief Linkedin: Ahmed Khlief Download APT-Hunter: Download the latest stable version of APT-Hunter with compiled binaries from Releases page. How to Use APT-Hunter: APT-Hunter built using python3 so in order to use the tool you need to install the required libraries. python3 -m pip install -r requirements.txt APT-Hunter is easy to use, you just use the argument -h to print help to see the options needed. python3 APT-Hunter.py -h Examples: Analyzing EVTX files, you can use the following command: python3 APT-Hunter.py -e <path_to_evt_file>
FEATURES
ALTERNATIVES
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
A python3 application for querying sites hosting publicly pasted data and scanning for sensitive information.
A community-driven list of sample security analytics for auditing cloud usage and detecting threats in Google Cloud.
A threat intelligence domain/IP/hash threat feeds checker that checks IPVoid, URLVoid, Virustotal, and Cymon.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
A daily collection of IOCs from various sources, including articles and tweets.
PINNED

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.