Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/OTRF/ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
https://github.com/OTRF/ThreatHunter-Playbook
dfir hunter hunting hunting-campaigns hypothesis mitre mitre-attack-db sysmon threat-hunting
Last synced: about 1 month ago
JSON representation
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
- Host: GitHub
- URL: https://github.com/OTRF/ThreatHunter-Playbook
- Owner: OTRF
- License: mit
- Created: 2017-03-28T03:07:05.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2024-02-15T15:54:34.000Z (7 months ago)
- Last Synced: 2024-07-29T14:58:41.378Z (about 1 month ago)
- Topics: dfir, hunter, hunting, hunting-campaigns, hypothesis, mitre, mitre-attack-db, sysmon, threat-hunting
- Language: Python
- Homepage:
- Size: 32.9 MB
- Stars: 3,940
- Watchers: 369
- Forks: 799
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - OTRF/ThreatHunter-Playbook - A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. (Python)
- awesome-starred - OTRF/ThreatHunter-Playbook - A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. (others)
- StarryDivineSky - OTRF/ThreatHunter-Playbook
README
# The Threat Hunter Playbook
[](https://mybinder.org/v2/gh/OTRF/ThreatHunter-Playbook/master)
[](https://opensource.org/licenses/MIT)
[](https://twitter.com/HunterPlaybook)
[](https://twitter.com/OTR_Community)
[](https://github.com/ellerbrock/open-source-badges/)
The Threat Hunter Playbook is a community-driven, open source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. All the detection documents in this project follow the structure of [MITRE ATT&CK](https://attack.mitre.org/) categorizing post-compromise adversary behavior in tactical groups and are available in the form of [interactive notebooks](https://docs.jupyter.org/en/latest/projects/architecture/content-architecture.html#the-jupyter-notebook-format). The use of notebooks not only allow us to share text, queries and expected output, but also code to help others run detection logic against [pre-recorded security datasets](https://securitydatasets.com) locally or remotely through [BinderHub](https://mybinder.readthedocs.io/en/latest/index.html) cloud computing environments.
## Docs: https://threathunterplaybook.com/
## Goals
* Expedite the development of techniques an hypothesis for hunting campaigns.
* Help security researchers understand patterns of behavior observed during post-exploitation.
* Share resources to validate analytics locally or remotely through cloud computing environments for free.
* Map pre-recorded datasets to adversarial techniques.
* Accelerate infosec learning through open source resources.
## Author
Roberto Rodriguez [@Cyb3rWard0g](https://twitter.com/Cyb3rWard0g)
## Official Committers
* Jose Luis Rodriguez [@Cyb3rPandaH](https://twitter.com/Cyb3rPandaH) is adding his expertise in data science to it.
## Acknowledgements
* We document and share our content via a [Jupyter Book](https://jupyterbook.org/intro.html) which was created by [Sam Lau](http://www.samlau.me/) and [Chris Holdgraf](https://predictablynoisy.com/) with support of the **UC Berkeley Data Science Education Program and the [Berkeley Institute for Data Science](https://bids.berkeley.edu/)**