ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
https://github.com/mthcht/ThreatHunting-Keywords
Last synced: 5 days ago
Example use cases with `threathunting-keywords`:
Other awesome lists for detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- intelligence gathering sheet
- Windows Services Searches
- Suspicious Named pipes
- suspicious_named_pipe_list.csv
- Guides
- Browsers extensions Searches
- C2 hiding in plain sight
- suspicious_windows_firewall_rules_list.csv
- suspicious_http_user_agents_list.csv
- suspicious_usb_ids_list.csv
- suspicious_mac_address_list.csv
- suspicious_hostnames_list.csv
- executables_metadata_informations_list.csv
- dns_over_https_servers_list.csv
- hijacklibs_list.csv
- loldrivers_only_hashes_list.csv
- malicious_bootloaders_only_hashes_list.csv
- ssl_certificates_malicious_list.csv
- [permissions
- ransomware_extensions_list.csv
- ransomware_notes_list.csv
- windows_asr_rules.csv
- DNSTWIST Default Domains + script
- nordvpn_ips_list.csv
- protonvpn_ip_list.csv
- Default Lists + script
- [suspicious_TLDs
- [suspicious ASNs
- suspicious_windows_services_names_list.csv
- suspicious_windows_tasks_list.csv
- suspicious_ports_list.csv
DFIR Hunt for keywords in files (No SIEM)
What is Threat Hunting ?
Bridging Threat Hunting With Core Services
Threat Hunting Lifecycle in SOC Operations
Detection Maturity Level
Targeted Threat Hunting Methodology Example
Threat Hunting Checklist - Key Focus Areas for Intelligence Gathering
MITRE ATT&CK technique mapping
YARA Rules
Tools matrix
Files
For the redteam:
Programming Languages
Categories
Sub Categories
- Other awesome lists for detection (525)
- YARA Rules (139)
- Tools matrix (117)
- Targeted Threat Hunting Methodology Example (21)
- Threat Hunting Lifecycle in SOC Operations (20)
- Bridging Threat Hunting With Core Services (20)
- Detection Maturity Level (20)
- For the redteam: (1)
- Threat Hunting Checklist - Key Focus Areas for Intelligence Gathering (1)