Repository navigation
detection-engineering
- Website
- Wikipedia
Windows Events Attack Samples
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
☁ ⚡ Granular, Actionable Adversary Emulation for the Cloud
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Splunk Security Content
A resource containing all the tools each ransomware gangs uses
Awesome Security lists for SOC/CERT/CTI
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Pipelined Query Language
Awesome list of keywords and artifacts for Threat Hunting sessions
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.
Misc Threat Hunting Resources
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection
Generate datasets of cloud audit logs for common attacks
Purpleteam scripts simulation & Detection - trigger events for SOC detections
Resources To Learn And Understand SIGMA Rules