https://github.com/mthcht/mthcht

https://github.com/mthcht/mthcht

Last synced: 4 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/mthcht/mthcht
• Owner: mthcht
• Created: 2023-01-03T14:06:32.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2025-06-13T17:32:57.000Z (about 1 year ago)
• Last Synced: 2025-06-13T18:34:03.207Z (about 1 year ago)
• Size: 16.7 MB
• Stars: 5
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Hi there 👋

## 🕵️‍♂️ What I Offer

  - 🔭 Threat Hunting

  - 💡 Detection Engineering Tips

  - :newspaper: Detection Lists

  - 🔍 DFIR Artifacts Insights

  - :vampire: Purple Teaming

  - :file_cabinet: Event Logs Analysis

## 🚀 Featured Projects

- 📜 [My Detection Lists for SOC/DFIR](https://github.com/mthcht/awesome-lists/tree/main/Lists)

- 🧪 [PurpleTeam scripts and notes](https://github.com/mthcht/Purpleteam)

- 👁️ [LOLC2](https://github.com/lolc2/lolc2.github.io)

- 🆔 [BADGUIDs](https://github.com/BADGUIDS)

- 🕳️ [SINKHOLED](https://github.com/sinkholed/sinkholed.github.io)

- 📖 [Threat Intelligence Reports Database](https://github.com/mthcht/ThreatIntel-Reports)

- 🐾 [**Threat Hunting artifacts**](https://github.com/mthcht/ThreatHunting-Keywords)

  - 🛠️ [Threat Hunting yara rules](https://github.com/mthcht/ThreatHunting-Keywords-yara-rules)

## 🧠 Blog Posts

  

- [Threat Hunting - Suspicious Named pipes](https://medium.com/detect-fyi/threat-hunting-suspicious-named-pipes-a4206e8a4bc8)

- [Event Log Manipulations - Time slipping](https://medium.com/detect-fyi/event-log-manipulations-1-time-slipping-55bf95631c40)

- [Threat Hunting - Suspicious Service names](https://medium.com/detect-fyi/threat-hunting-suspicious-windows-service-names-2f0dceea204c)

- [Threat Hunting - Suspicious User-agents](https://medium.com/detect-fyi/threat-hunting-suspicious-user-agents-3dd764470bd0)

- [Detecting DNS over HTTPS](https://medium.com/detect-fyi/detecting-dns-over-https-30fddb55ac78)

- [Threat Hunting - Suspicious TLDs](https://medium.com/detect-fyi/threat-hunting-suspicious-tlds-a742c2adbf58)

- [OSINT - Catching my hacker via leaked datases](https://medium.com/the-first-digit/catching-my-hacker-via-leaked-databases-75f4545eb5b7)

- [Detecting DLL Hijacking techniques from HijackLibs With Splunk](https://medium.com/detect-fyi/detect-dll-hijacking-techniques-from-hijacklibs-with-splunk-c760d2e0656f)

- [How Threat Actors use Pastebin](https://medium.com/detect-fyi/how-threat-actors-use-pastebin-69a78c149ccf)

- [Detecting Phishing attempts with DNSTWIST](https://medium.com/detect-fyi/detecting-phishing-attempts-with-dnstwist-37c426b3bbb8)

- [File Integrity monitoring with Auditd](https://medium.com/detect-fyi/file-integrity-monitoring-with-auditd-b9423a52feef)

- [How Threat Actors use Github](https://medium.com/detect-fyi/how-threat-actors-use-github-bd991c11ed37)

- [Detecting Browser extensions installations](https://medium.com/@mthcht/detecting-browser-extensions-installations-e0ac2b45c46b)

- [C2 Hiding in plain sight](https://medium.com/@mthcht/c2-hiding-in-plain-sight-7a83963b9344)

- [Detecting PSEXEC and similar tools](https://medium.com/detect-fyi/detecting-psexec-and-similar-tools-c812bf3dca6c)

- [Detecting Phishing attempts with Wetransfer](https://medium.com/@mthcht/detect-phishing-attempts-with-wetransfer-7b6c87cad4a6)

- [Detecting HTML smuggling Phishing attempts](https://medium.com/detect-fyi/detecting-html-smuggling-phishing-attempts-15af824e60e4)

- More content on [Medium](https://mthcht.medium.com/) and [Twitter](https://x.com/mthcht)/[BlueSky](https://bsky.app/profile/mthcht.bsky.social)