This tool will help you on your IR & Threat Hunting & CA. just drop your event log file and anlayze the results. New Release Features: support windows (ThreatHound.exe) C for Linux based new vesion available in C also now you can save results in json file or print on screen it as you wantRead More
S3cret Scanner tool designed to provide a complementary layer for the Amazon S3 Security Best Practices by proactively hunting secrets in public S3 buckets. Can be executed as scheduled task or On-Demand Automation workflow The automation will perform the following actions: List the public buckets in the account (Set with ACL of Public or objectsRead More
The Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting in the assembly of IOCs, understanding attack movement and in threat hunting By allowing researchers to send thousands of samples to a sandboxRead More
Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel. DISCLAIMER: This tool requires tuning and investigative trialling to be truly effective in a production environment. Overview Sentinel ATT&CK provides the following tools: An ARM template to automatically deploy Sentinel ATT&CK to yourRead More
Grafiki is a Django project about Sysmon and graphs, for the time being. In my opinion EventViewer, Elastic and even Kibana, are not graphic enough. The current threats are complicated and if attackers think in graphs, defenders also must do it. This is a proof of concept, the code was not debugged jet but maybeRead More
Programmatically create hunting rules for deserialization exploitation with multiple keywords (e.g. cmd.exe) gadget chains (e.g. CommonsCollection) object types (e.g. ViewState, Java, Python Pickle, PHP) encodings (e.g. Base64, raw) rule types (e.g. Snort, Yara) Disclaimer Rules generated by this tool are intended for hunting/research purposes and are not designed for high fidelity/blocking purposes. Please test thoroughlyRead More
The VulFi (Vulnerability Finder) tool is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all cross-references to the most interesting functions (such as strcpy, sprintf, system, etc.). For cases where a Hexrays decompiler can be used, itRead More
A Powershell module to run threat hunting playbooks on data from Azure and O365 for Cloud Forensics purposes. Getting Started 1. Check that you have the right O365 Permissions The following roles are required in Exchange Online, in order to be able to have read only access to the UnifiedAuditLog: View-Only Audit Logs or AuditRead More
This tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method (Only if the MOD_CGI is Enabled at the targeted webserver). This tool works with the provided Single target or Mass Target from a fileRead More
VERSION 3.6 Code efficiency enhancements and bug fixes for plugins, and improved logging. Significant UI/UX enhancements. Organisation specific settings and configurations, allowing for predefined searches based on your organisation and it’s users. Due to the above change, if you are upgrading from version 3.4, a major update has been made to the config.json file. InRead More
