threathunting
hashlookup-forensic-analyser
threathunting | hashlookup-forensic-analyser | |
---|---|---|
3 | 5 | |
1,102 | 116 | |
- | 3.4% | |
1.7 | 5.5 | |
9 months ago | 7 months ago | |
Python | Python | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
threathunting
-
Breaking down MITRE ATT&CK for ICS techniques into MON Requirements?
Olaf has a Splunk module for 'threat hunting' that's mapped to the Enterprise Mitre framework, might be a good example for some components - https://github.com/olafhartong/ThreatHunting - Note: If you just blindly install it... It's pretty rough on the search head...
-
How to extract hash value from hashes field from sysmon log.
Well i'm working with this ThreatHunting app (https://github.com/olafhartong/ThreatHunting) basicly we utilize Mitre Attack framework to create sysmon rule in order to detect malwares and attacks on your computer. I'm trying to create a custom script scan the process hashes to check weather it is a threat or not cause
-
How to extract
ThreatHunting app: https://github.com/olafhartong/threathunting/
hashlookup-forensic-analyser
- hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
- Hashlookup-Forensic-Analyser
- Hashlookup forensic analyser version 0.8 released including a report functionality
- Hashlookup forensic analyser – finding known files for digital forensic triage
What are some alternatives?
Incident-Playbook - GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
APT-Hunter - APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
sysmon-modular - A repository of sysmon configuration modules
RELY - RELY (Name composed on project members Romy, Esther, Lucille and Yassir) is a python tool developed to help a Digital Forensics Triage procedure on some Microsoft Windows devices.
splunk-connect-for-syslog - Splunk Connect for Syslog
PurpleCloud - A little tool to play with Azure Identity - Azure Active Directory lab creation tool
threathunting-spl - Splunk code (SPL) for serious threat hunters and detection engineers.
python-bloom-filter - Bloom filter for Python
splunk-spl - SPL cheatsheet for Splunk.
misp-warninglists - Warning lists to inform users of MISP about potential false-positives or other information in indicators
ChatGPT-4-Splunk - Splunk TA for sending completion requests to ChatGPT
atc-react - A knowledge base of actionable Incident Response techniques