TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Documentation of TheHive

Real-time HTTP Intrusion Detection

Cortex: a Powerful Observable Analysis and Active Response Engine

本项目致力于收集网上公开来源的威胁情报，主要关注信誉类威胁情报（如IP/域名等），以及事件类威胁情报。

Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine.

Repository of YARA rules made by Trellix ATR Team

The OSINT Omnibus (beta release)

Historical list of {Cobalt Strike,NanoHTTPD} servers

Bringing you the best of the worst files on the Internet.

Automatically created C2 Feeds

Awesome list of keywords and artifacts for Threat Hunting sessions

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/

Awesome Security lists for SOC/CERT/CTI

Open Dataset of Cobalt Strike Beacon metadata (2018-2022)

Explore Indicators of Compromise Automatically

Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilites (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)

👾 𝘁𝗼𝗼𝗹𝘀 𝗳𝗼𝗿 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗿𝗲𝘀𝗲𝗮𝗿𝗰𝗵𝗲𝗿𝘀: 𝗽𝗲𝗻𝘁𝗲𝘀𝘁𝗶𝗻𝗴, 𝗖𝗧𝗙𝘀 & 𝘄𝗮𝗿𝗴𝗮𝗺𝗲𝘀

BlackBerry Threat Research & Intelligence

Extract indicators of compromise from text, including "escaped" ones.