Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
https://github.com/mthcht/ThreatHunting-Keywords
Last synced: about 13 hours ago
JSON representation
-
Example use cases with `threathunting-keywords`:
-
Other awesome lists for detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- suspicious_named_pipe_list.csv
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- Suspicious Named pipes
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- intelligence gathering sheet
- HijackLibs Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Guides
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- here
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- HijackLibs Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Suspicious Named pipes
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Phishing & DNSTWIST Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- Browsers extensions Searches
- C2 hiding in plain sigh
- HTML Smuggling artifacts
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- suspicious_windows_firewall_rules_list.csv
- suspicious_http_user_agents_list.csv
- suspicious_usb_ids_list.csv
- suspicious_mac_address_list.csv
- suspicious_hostnames_list.csv
- executables_metadata_informations_list.csv
- dns_over_https_servers_list.csv
- hijacklibs_list.csv
- loldrivers_only_hashes_list.csv
- malicious_bootloaders_only_hashes_list.csv
- ssl_certificates_malicious_list.csv
- [permissions
- ransomware_extensions_list.csv
- ransomware_notes_list.csv
- windows_asr_rules.csv
- DNSTWIST Default Domains + script
- nordvpn_ips_list.csv
- protonvpn_ip_list.csv
- Default Lists + script
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- intelligence gathering sheet
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- Suspicious Named pipes
- intelligence gathering sheet
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- [suspicious_TLDs
- [suspicious ASNs
- suspicious_windows_services_names_list.csv
- suspicious_windows_tasks_list.csv
- suspicious_ports_list.csv
- intelligence gathering sheet
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- Suspicious Named pipes
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- intelligence gathering sheet
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- intelligence gathering sheet
- Windows Services Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Time Slipping detection
- Suspicious Named pipes
- intelligence gathering sheet
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
-
-
DFIR Hunt for keywords in files (No SIEM)
-
Other awesome lists for detection
-
-
What is Threat Hunting ?
-
Bridging Threat Hunting With Core Services
-
Threat Hunting Lifecycle in SOC Operations
-
Detection Maturity Level
-
Targeted Threat Hunting Methodology Example
-
Threat Hunting Checklist - Key Focus Areas for Intelligence Gathering
-
MITRE ATT&CK technique mapping
-
YARA Rules
- image
- image
- image
- image
- image
- image
- image
- image
- image
- Capture d'écran 2024-08-24 121019
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
-
Tools matrix
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
- image
-
-
Files
-
Targeted Threat Hunting Methodology Example
-
For the redteam:
-
Programming Languages
Categories
Sub Categories
Other awesome lists for detection
371
YARA Rules
83
Tools matrix
75
Targeted Threat Hunting Methodology Example
7
Threat Hunting Lifecycle in SOC Operations
6
Bridging Threat Hunting With Core Services
6
Detection Maturity Level
6
For the redteam:
1
Threat Hunting Checklist - Key Focus Areas for Intelligence Gathering
1