ThreatHunting
Tools for hunting for threats. (by GossiTheDog)
signature-base
Signature base for my scanner tools (by Neo23x0)
| | ThreatHunting | signature-base |
|---|---|---|
| Mentions | 1 | 7 |
| Stars | 295 | 1,676 |
| Growth | - | - |
| Activity | 3.9 | 9.0 |
| Last commit | 18 days ago | 11 days ago |
| Language | YARA | YARA |
| License | GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user-suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ThreatHunting
Posts with mentions or reviews of ThreatHunting. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-07-26.
signature-base
Posts with mentions or reviews of signature-base. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-12-20.
- Nvidia Breach
  "If you have a Yara detection platform, Florian Roth's rules should detect executables signed with this. https://github.com/Neo23x0/signature-base/blob/master/yara/gen_nvidia_leaked_cert.yar"
- Evidence of a log4j attack found - Now what?
  "Uses these YARA rules to read JAR, LOG, and TXT files on the system, throwing warnings if any log4shell-looking payloads are found based on those various rules."
- Yara rule to detect ProxyToken exploitation
- APT29 / NOBELIUM VirusTotal retro hunt results using 12 newly released Yara rules
  "Rules https://github.com/Neo23x0/signature-base/blob/master/yara/apt_apt29_nobelium_may21.yar"
- What are the best FOSS YARA rules you would recommend to deploy?
- OISD Domain Blocklist
- At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft's Email Software
  "Is this what he's writing about that anyone can use to scan for backdoors? https://github.com/Neo23x0/signature-base/blob/master/yara/apt_hafnium.yar"
What are some alternatives?
When comparing ThreatHunting and signature-base you can also consider the following projects:
- malware-ioc - Indicators of Compromise (IOC) of our various investigations
- Loki - Simple IOC and Incident Response Scanner
- sysmon-config - Sysmon configuration file template with default high-quality event tracing
- awesome-yara - A curated list of awesome YARA rules, tools, and people.
- reversinglabs-yara-rules - ReversingLabs YARA Rules
- MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
- PetitPotam - PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.