APT-Hunter
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
The Threat Hunter Playbook is a community-driven, open source project to share detection logic, adversary tradecraft, and resources to make detection development more efficient. All the detection documents in this project follow the structure of MITRE ATT&CK, categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks. The use of notebooks allows sharing text, queries, expected output, and code to help others run detection logic against pre-recorded security datasets locally or remotely through BinderHub cloud computing environments. The project aims to expedite the development of techniques and hypotheses for hunting campaigns, help security researchers understand patterns of behavior observed during post-exploitation, share resources to validate analytics, map pre-recorded datasets to adversarial techniques, and accelerate infosec learning through open source resources.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
Curated datasets for developing and testing detections in SIEM installations.
Globally-accessible knowledge base of adversary tactics and techniques for cybersecurity.
A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.