Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/A3sal0n/CyberThreatHunting

A collection of resources for Threat Hunters
https://github.com/A3sal0n/CyberThreatHunting

cybersecurity dfir incident-response threat-hunting threat-intelligence

Last synced: about 1 month ago
JSON representation

A collection of resources for Threat Hunters

Awesome Lists containing this project

README

        

# Cyber Threat Hunting
A collection of tools and other resources for threat hunters.

## Sections
- [Hunting Tools](#hunting-tools) - A collection of our open source tools for hunting
- [Resources](#resources) - Useful resources to get started in Threat Hunting
- [Hunting with AI](#hunting-with-ai) - Leverage the power of ChatGPT prompts for Threat Hunting
- [Must Read](#must-read) - Articles and blog posts covering different aspects of Threat Hunting
- [Custom Scripts](tools/README.md) - Our own tools and scripts to support different types of hunts

### Hunting Tools
- [Velociraptor](https://docs.velociraptor.app/)
- [Facebook's osquery](https://osquery.io/)
- [Google's GRR](https://github.com/google/grr)
- [Logging, searching and visualization with ELK](https://www.elastic.co/products/elasticsearch)
- [Back to Basics: Enhance Windows Security with Sysmon and Graylog](https://www.graylog.org/blog/83-back-to-basics-enhance-windows-security-with-sysmon-and-graylog)
- [Building a Sysmon Dashboard with an ELK Stack](https://cyberwardog.blogspot.cz/2017/03/building-sysmon-dashboard-with-elk-stack.html)
- [Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing](https://github.com/ion-storm/sysmon-config)
- [Advanced Threat detection Configurations for Graylog](https://github.com/ion-storm/Graylog_Sysmon)
- [Elk + Osquery + Kolide Fleet = Love](https://jordanpotti.com/2018/02/16/elk-osquery-kolide-fleet-love/) - Hunting with ELK, Osquery and Kolide Fleet
- [CyLR — Live Response Collection tool](https://github.com/orlikoski/CyLR)
- [Unix-like Artifacts Collector](https://github.com/tclahr/uac)
- [Kroll Artifact Parser And Extractor (KAPE)](https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape)
- [Chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts](https://github.com/WithSecureLabs/chainsaw)
- [evtx-hunter - Python tool that generates a web report of interesting activity observed in EVTX files](https://github.com/NVISOsecurity/evtx-hunter)

### Resources
- [MITRE ATT&CK](https://attack.mitre.org/wiki/Main_Page) - A curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
- [MITRE CAR](https://car.mitre.org/wiki/Main_Page) - A knowledge base of analytics developed by MITRE based on the Adversary Tactics, Techniques, and Common Knowledge (ATT&CK™) threat model.
- [Threat Hunting with Bro IDS](https://www.jamesbower.com/threat-hunting-with-bro-ids/?utm_campaign=crowdfire&utm_content=crowdfire&utm_medium=social&utm_source=social#14225595-tw%231487983917678)
- [Automating APT Scanning with Loki Scanner and Splunk](http://www.redblue.team/2017/04/automating-apt-scanning-with-loki.html?m=1)
- [The ThreatHunting Project](https://github.com/ThreatHuntingProject/ThreatHunting) - A great collection of hunts by @DavidJBianco
- [Threat Hunting Techniques - AV, Proxy, DNS and HTTP Logs](http://www.brainfold.net/2016/08/threat-hunting-techniques-av-proxy-dns.html)
- [Cyber Threat hunting with Sqrrl (From Beaconing to Lateral Movement)](https://cyber-ir.com/2017/04/19/cyber-threat-hunting-with-sqrrl-from-beaconing-to-lateral-movement/amp/)
- [The ThreatHunter-Playbook](https://github.com/VVard0g/ThreatHunter-Playbook) - Hunting by leveraging Sysmon and Windows Events logs
- [Detecting Lateral Movement through Tracking Event Logs](https://www.jpcert.or.jp/english/pub/sr/20170612ac-ir_research_en.pdf)
- [How to build a Threat Hunting platform using ELK Stack](https://www.peerlyst.com/posts/how-to-build-a-threat-hunting-platform-using-elk-stack-chiheb-chebbi?utm_source=LinkedIn&utm_medium=Application_Share&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post)
- [Endpoint Detection of Remote Service Creation and PsExec](https://countercept.com/blog/endpoint-detection-of-remote-service-creation-and-psexec/) - Hunting for lateral movement with Event Tracing for Windows (ETW)

### Hunting with AI
- [10 ways to use ChatGPT for Threat Hunting](https://infosecwriteups.com/learn-10-ways-to-use-chatgpt-for-threat-hunting-right-now-9fab5507f3b8)
- [ChatGPT for CTI Professionals](https://socradar.io/chatgpt-for-cti-professionals/)
- [Complete ChatGPT Guide for DevSecOps: Top 20 Most Essential Prompts](https://levelup.gitconnected.com/complete-chatgpt-guide-for-devsecops-top-20-most-essential-prompts-ef21e0aa4830)
- [ChatGPT Use Cases for CyberSecurity Folks](https://atrhein.medium.com/chatgpt-use-cases-for-cybersecurity-folks-c4ae83656b92)
- [60 Chat GPT Prompts for Cyber Security by Experts](https://nextdoorsec.com/chat-gpt-prompts-for-cyber-security/)

### Must Read
- [Threat Hunting:Open Season on the Adversary](https://www.sans.org/reading-room/whitepapers/analyst/threat-hunting-open-season-adversary-36882)
- [The Who, What, Where, When, Why and How of Effective Threat Hunting](https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785)
- [Incident Response is Dead... Long Live Incident Response](https://medium.com/@sroberts/incident-response-is-dead-long-live-incident-response-5ba1de664b95)
- [Hunting, and Knowing What To Hunt For](http://windowsir.blogspot.cz/2015/06/hunting-and-knowing-what-to-huntnot-for.html)
- [Cyber Hunting: 5 Tips To Bag Your Prey](http://www.darkreading.com/risk/cyber-hunting-5-tips-to-bag-your-prey/a/d-id/1319634?_mc=RSS_DR_EDT)
- [A Simple Hunting Maturity Model](http://detect-respond.blogspot.cz/2015/10/a-simple-hunting-maturity-model.html)
- [A Framework for Cyber Threat Hunting](http://sqrrl.com/media/Framework-for-Threat-Hunting-Whitepaper.pdf)
- [Seek Evil, and Ye Shall Find: A Guide to Cyber Threat Hunting Operations](https://digitalguardian.com/blog/seek-evil-and-ye-shall-find-guide-cyber-threat-hunting-operations)
- [A Guide to Cyber Threat Hunting Operations](https://www.infosecurity-magazine.com/opinions/a-guide-to-cyber-threat-hunting/)
- [Inside 3 top threat hunting tools](http://www.networkworld.com/article/3150473/security/threat-hunting-tools-could-be-a-security-game-changer.html#slide13) - High level overview of Sqrrl, Infocyte and EndGame
- [True Threat Hunting: more than just threats and anomalies](http://www.baesystems.com/en/cybersecurity/blog/true-threat-hunting#) - Some valid thoughts on what's needed for an effective Threat Hunting program