detection-engineering

Windows Events Attack Samples

☁ ⚡ Granular, Actionable Adversary Emulation for the Cloud

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Splunk Security Content

A resource containing all the tools each ransomware gangs uses

Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.

Awesome Security lists for SOC/CERT/CTI

PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

Pipelined Query Language

Awesome list of keywords and artifacts for Threat Hunting sessions

A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.

Misc Threat Hunting Resources

Threatest is a CLI and Go framework for end-to-end testing threat detection rules.

Generate datasets of cloud audit logs for common attacks

Purpleteam scripts simulation & Detection - trigger events for SOC detections

Resources To Learn And Understand SIGMA Rules

Signature engine for all your logs