Cyber Threat Hunting

A collection of tools and other resources for threat hunters.

Sections

• Hunting Tools - A collection of our open source tools for hunting
• Resources - Useful resources to get started in Threat Hunting
• Hunting with AI - Leverage the power of ChatGPT prompts for Threat Hunting
• Must Read - Articles and blog posts covering different aspects of Threat Hunting
• Custom Scripts - Our own tools and scripts to support different types of hunts

Hunting Tools

• Velociraptor
• Facebook's osquery
• Google's GRR
• Logging, searching and visualization with ELK
• Back to Basics: Enhance Windows Security with Sysmon and Graylog
• Building a Sysmon Dashboard with an ELK Stack
• Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
• Advanced Threat detection Configurations for Graylog
• Elk + Osquery + Kolide Fleet = Love - Hunting with ELK, Osquery and Kolide Fleet
• CyLR — Live Response Collection tool
• Unix-like Artifacts Collector
• Kroll Artifact Parser And Extractor (KAPE)
• Chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
• evtx-hunter - Python tool that generates a web report of interesting activity observed in EVTX files

Resources

• MITRE ATT&CK - A curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
• MITRE CAR - A knowledge base of analytics developed by MITRE based on the Adversary Tactics, Techniques, and Common Knowledge (ATT&CK™) threat model.
• Threat Hunting with Bro IDS
• Automating APT Scanning with Loki Scanner and Splunk
• The ThreatHunting Project - A great collection of hunts by @DavidJBianco
• Threat Hunting Techniques - AV, Proxy, DNS and HTTP Logs
• Cyber Threat hunting with Sqrrl (From Beaconing to Lateral Movement)
• The ThreatHunter-Playbook - Hunting by leveraging Sysmon and Windows Events logs
• Detecting Lateral Movement through Tracking Event Logs
• How to build a Threat Hunting platform using ELK Stack
• Endpoint Detection of Remote Service Creation and PsExec - Hunting for lateral movement with Event Tracing for Windows (ETW)

Hunting with AI

• 10 ways to use ChatGPT for Threat Hunting
• ChatGPT for CTI Professionals
• Complete ChatGPT Guide for DevSecOps: Top 20 Most Essential Prompts
• ChatGPT Use Cases for CyberSecurity Folks
• 60 Chat GPT Prompts for Cyber Security by Experts

Must Read

• Threat Hunting:Open Season on the Adversary
• The Who, What, Where, When, Why and How of Effective Threat Hunting
• Incident Response is Dead... Long Live Incident Response
• Hunting, and Knowing What To Hunt For
• Cyber Hunting: 5 Tips To Bag Your Prey
• A Simple Hunting Maturity Model
• A Framework for Cyber Threat Hunting
• Seek Evil, and Ye Shall Find: A Guide to Cyber Threat Hunting Operations
• A Guide to Cyber Threat Hunting Operations
• Inside 3 top threat hunting tools - High level overview of Sqrrl, Infocyte and EndGame
• True Threat Hunting: more than just threats and anomalies - Some valid thoughts on what's needed for an effective Threat Hunting program