APT-Hunter

Free

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to reduce the time needed to uncover suspicious activity. APT-Hunter uses pre-defined detection rules and focuses on statistics to uncover abnormalities, which is very effective in compromise assessment. The output is produced with a timeline that can be analyzed directly from Excel, Timeline Explorer, Timesketch, etc.

Full information about the tool and how it is used is in this article: introducing-apt-hunter-threat-hunting-tool-using-windows-event-log

New release info: APT-HUNTER V3.0: Rebuilt with Multiprocessing and new cool features

Author Twitter: @ahmed_khlief
LinkedIn: Ahmed Khlief

Download APT-Hunter: download the latest stable version of APT-Hunter with compiled binaries from the Releases page.

How to use APT-Hunter: APT-Hunter is built using Python 3, so in order to use the tool you need to install the required libraries:

    python3 -m pip install -r requirements.txt

APT-Hunter is easy to use; pass the -h argument to print the help and see the available options:

    python3 APT-Hunter.py -h

Examples: to analyze EVTX files, you can use the following command:

    python3 APT-Hunter.py -e <path_to_evt_file>

FEATURES

ALTERNATIVES

A comprehensive and unrestricted dataset of security incidents for research and decision-making

A collection of companies that disclose adversary TTPs after being breached, useful for analysis of intrusions.

An open source threat intelligence platform for storing and managing cyber threat intelligence knowledge.

ONYPHE is a cyber defense search engine that discovers exposed assets and provides real-time monitoring to identify vulnerabilities and potential risks.

Acapulco is a Splunk application that automatically generates meta-events from hpfeeds channels and visualizes them using D3.js.

Sample detection rules and dashboards for Google Security Operations

A summary of the threat modeling posts and final thoughts on the process

A database of Tor exit nodes with their corresponding IP addresses and timestamps.
