APT-Hunter
APT-Hunter is a Threat Hunting tool for Windows event logs which made by purple team mindset to detect APT movements hidden in the sea of Windows event logs to decrease the time to uncover suspicious activity. APT-Hunter uses pre-defined detection rules and focuses on statistics to uncover abnormalities which is very effective in compromise assessment. The output produced with a timeline that can be analyzed directly from Excel, Timeline Explorer, Timesketch, etc... Full information about the tool and how it's used in this article: introducing-apt-hunter-threat-hunting-tool-using-windows-event-log New Release Info: APT-HUNTER V3.0: Rebuilt with Multiprocessing and new cool features Author Twitter: @ahmed_khlief Linkedin: Ahmed Khlief Download APT-Hunter: Download the latest stable version of APT-Hunter with compiled binaries from Releases page. How to Use APT-Hunter: APT-Hunter built using python3 so in order to use the tool you need to install the required libraries. python3 -m pip install -r requirements.txt APT-Hunter is easy to use, you just use the argument -h to print help to see the options needed. python3 APT-Hunter.py -h Examples: Analyzing EVTX files, you can use the following command: python3 APT-Hunter.py -e <path_to_evt_file>
FEATURES
SIMILAR TOOLS
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
A free software that calculates the security ranking of Internet Service Providers to detect malicious activities.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.