Endpoint Detection of Remote Service Creation and PsExec - F-Secure Blog
Lateral movement is when attackers move from a compromised host to other hosts to expand their access and reach their goal. If threat hunters can detect malicious activity on an endpoint they may see similar indicators appearing on new machines when lateral movement has occurred. But if they can detect the lateral movement as it […]
GitHub - last-byte/PersistenceSniper: Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with ❤️ by @last0x00 and @dottor_morte
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with ❤️ by @last0x00 and @dottor_morte - Git...
GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources
A collection of awesome security hardening guides, tools and other resources - GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other reso...
GitHub - scipag/HardeningKitty: HardeningKitty - Checks and hardens your Windows configuration
HardeningKitty - Checks and hardens your Windows configuration - GitHub - scipag/HardeningKitty: HardeningKitty - Checks and hardens your Windows configuration
GitHub - matanolabs/matano: Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS 🦀
Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS 🦀 - GitHub - matanolabs/mat...
ONYPHE is a Cyber Defense Search Engine for open-source and cyber threat intelligence data collected by crawling various sources available on the Internet or by listening to Internet background noise. ONYPHE does correlate this information with data gathered by performing active Internet scanning for connected devices and also by crawling Web site URLs. It then normalizes information and makes it available via an API and its query language.
GitHub - fox-it/dissect: This project is a meta package, it will install all other Dissect modules with the right combination of versions.
This project is a meta package, it will install all other Dissect modules with the right combination of versions. - GitHub - fox-it/dissect: This project is a meta package, it will install all othe...
GitHub - 0xtavian/awesome-attack-surface-monitoring: Curated list of open-source & paid Attack Surface Monitoring (ASM) tools.
Curated list of open-source & paid Attack Surface Monitoring (ASM) tools. - GitHub - 0xtavian/awesome-attack-surface-monitoring: Curated list of open-source & paid Attack Surface Mo...
GitHub - StrangerealIntel/Orion: A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ...
A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ... - GitHub - StrangerealIntel/Orion: A YARA rules repository continuously up...
FireHOL IP Lists | IP Blacklists | IP Reputation Feeds
350+ IP blacklists, IP blocklists and IP Reputation feeds, about Cybercrime, Fraud, Botnets, Μalware, Virus, Abuse, Attacks, Open Proxies, Anonymizers. See their changes and updates, size over time, retention policy, geographic coverage, comparisons and overlaps.
GitHub - arkime/arkime: Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system. - GitHub - arkime/arkime: Arkime (formerly Moloch) is an open source, large scale, ful...
Endpoint Behavioral Insights for Security Analysts and IT Professionals. Search our Insights database for filenames and hashes to see how Windows processes behave in the wild.