SPLUNK

Awesome Security Tools

Security Tools

YARA and SIGMA Information

DetectRaptor | A repository to share publicly available bulk Velociraptor detection content

Awesome Security on Github

Security Onion: Threat hunting, enterprise security monitoring, and log management

Elastic Stack

Velociraptor: endpoint visibility and collection tool

Splunk Security and Observability Platform

AlienVault OSSIM (SIEM)

OSSEC

Wazuh: a free and open source security platform that unifies XDR and SIEM

Apache Metron (SIEM)

SIEMonster

MozDef: Mozilla Defense Platform (SIEM)

Suricata Intrusion Detection

Zeek Network Security Monitoring Tool

OWASP Dependency-Check: a software composition analysis utility

RPC Investigator: for enumerating, decompiling/parsing and communicating with RPC servers

GTFOBins

GTFOArgs

LOLBAS: Living off the Land Binaries

Strengthening AD Password Security with PowerShell | Evotec


Network Traffic

Awesome PCAP Tools


On Detection

On Detection | SpecterOps

What to Log

Awesome Detection Engineering | GitHub


Information Sharing

OpenCTI

MISP - Open Source Threat Intelligence and Sharing Platform

TheHive

First Incident Response (FIR)

FAME is a recursive acronym meaning “FAME Automates Malware Evaluation”


Threat Hunting

AC Hunter | Active Countermeasures

Real Intelligence Threat Analytics (RITA) | Active Countermeasures

Threat hunting: frequency analysis to identify C2 over DNS

THREAT HUNTING USE CASE: DNS QUERIES | ReliaQuest

Threat Hunting using DNS logs

Linux: Threat Hunting for persistence | GitHub


Rule Collections

A content library that is updated daily to address over 94% of MITRE ATT&CK® and improve the MTTD and MTTR of your SOC


Communications

Mattermost


Cheat Sheets

A number of different cheatsheets for defense and offense | GitHub