cyber-threat-intelligence

Open-source projects categorized as cyber-threat-intelligence

Top 17 cyber-threat-intelligence Open-Source Projects

  • Reverse-Engineering-Tutorial

    A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

  • Project mention: New embedded and Rust hacking tutorials added - For anyone that missed my last post. Kevin Thomas is my mentor. We are both working together to bring free and low cost resources to those who are looking to learn and don't have money for expensive bootcamps/certs. Please enjoy his free tutorials! | /r/ReverseEngineering | 2023-10-27
  • IntelOwl

    IntelOwl: manage your Threat Intelligence at scale

  • Project mention: Monthly Security Checklist | /r/msp | 2023-06-25
  • cti

    Cyber Threat Intelligence Repository expressed in STIX 2.0

  • adversary_emulation_library

    An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

  • Project mention: What adversary emulation options are there nowadays to test SIEMs and IDSs? | /r/AskNetsec | 2023-11-07

    Unfortunately I don't have the background and knowledge of cybersecurity needed to plan a pentest of my own. Also, it would be more interesting to emulate the attacks of actual APTs known in the wild. So far, I've tested Caldera, Invoke-AtomicRedTeam and manual tests from CTID's adversary emulation library: https://github.com/center-for-threat-informed-defense/adversary_emulation_library

  • Hacking-Windows

    A FREE Windows C development course where we will learn the Win32API and reverse engineer each step utilizing IDA Free in both an x86 and x64 environment.

  • Cortex

    Cortex: a Powerful Observable Analysis and Active Response Engine (by TheHive-Project)

  • attack-flow

    Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.

  • tram

    TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.

  • attack-stix-data

    STIX data representing MITRE ATT&CK

  • Project mention: Mitre ATT&CK: knowledge base of adversary tactics and techniques | news.ycombinator.com | 2023-12-21
  • Karakurt-Hacking-Team-CTI

    IOC Data Obtained From Karakurt Hacking Team's Internal Infrastructure

  • stix2.1-coa-playbook-extension

    A STIX 2.1 Extension Definition for the Course of Action (COA) object type. The nested property extension allows a COA to share machine-readable security playbooks such as CACAO Security Playbooks

  • Go-MISPFeedGenerator

    Golang implementation of PyMISP-feedgenerator

  • 0x01-ARM-32-Hacking-Hello-World

    ARM 32-bit Raspberry Pi Hacking Hello World example in Kali Linux.

  • 0x02-ARM-32-Hacking-Int

    ARM 32-bit Raspberry Pi Hacking Int example in Kali Linux.

  • enterpriseattack

    A lightweight Python module to interact with the Mitre Att&ck Enterprise dataset.

  • CyberSecurityAuditScript

    Security audit script decreases info gathering from an average of 5 minutes to 20 seconds, and returns everything in a text file.

  • ti_scraper

    Highly configurable scripts for a web scraper intended to be used for cyber threat intelligence

  • Project mention: Adding Proxy to existing Scraper | /r/webscraping | 2023-11-04

    because I'm not a developer, I took this project https://github.com/sandra-liedtke/ti_scraper to help me.

NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

cyber-threat-intelligence related posts

  • Attack Flow v2.0.1 — a language for describing how cyber adversaries combine and sequence various offensive techniques to achieve their goals

    1 project | /r/blueteamsec | 10 Apr 2023
  • Is there a Mitre Att&ck mapping to NIST Threat Events?

    2 projects | /r/AskNetsec | 6 Sep 2022
  • I'm the CINO of Tidal Cyber, and previously founded MITRE's ATT&CK® Evaluations. AMA!

    1 project | /r/cybersecurity | 22 Jul 2022
  • PURPLE TEAM LEADERSHIP METRICS?

    1 project | /r/purpleteamsec | 14 Jun 2022
  • Tooling for Purple Teaming

    5 projects | /r/purpleteamsec | 14 Jun 2022
  • This report shows strong connection between two notorious Cyber Threat Actors called Conti and Karakurt - "At the beginning of Conti leak in February 27, 2022 we are able to get inside multiple Protonmail and Mega Upload accounts used by one of the key members of Conti group"

    1 project | /r/blueteamsec | 3 May 2022
  • NIST 800-53 Control Mappings to MITRE ATT&CK. Pretty handy, if you like that sort of thing…

    1 project | /r/netsecstudents | 13 Jan 2022

Index

What are some of the best open-source cyber-threat-intelligence projects? This list will help you:

Project Stars
1 Reverse-Engineering-Tutorial 10,077
2 IntelOwl 3,124
3 cti 1,636
4 adversary_emulation_library 1,555
5 Hacking-Windows 1,254
6 Cortex 1,253
7 attack-flow 503
8 tram 394
9 attack-stix-data 287
10 Karakurt-Hacking-Team-CTI 32
11 stix2.1-coa-playbook-extension 21
12 Go-MISPFeedGenerator 16
13 0x01-ARM-32-Hacking-Hello-World 12
14 0x02-ARM-32-Hacking-Int 11
15 enterpriseattack 9
16 CyberSecurityAuditScript 9
17 ti_scraper 6
