Stars
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and security implications
This repository contains cutting-edge open-source security tools (OST) for red teamers and threat hunters.
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
AWS Attack Path Management Tool - Walking on the Moon
All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.
CloudGrappler is a purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and…
Released at Black Hat Asia on April 18, 2024, Cloud Console Cartographer is a framework for condensing groupings of cloud events (e.g. CloudTrail logs) and mapping them to the original user input a…
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
Docker configuration to quickly set up your own Canarytokens.
A canary designed to minimize the impact from certain Ransomware actors
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as wel…
How to systematically secure anything: a repository about security engineering
Demisto SDK - Create Demisto Content with ease and efficiency
OS X has no way to add an item to the keychain programmatically without leaking the secret to the process list; this tool is meant to do exactly that.
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk