Threat Intelligence
- https://github.com/TheHive-Project/TheHive TheHive: A Scalable Open Source and Free Security Incident Response Platform
- https://github.com/MISP/MISP MISP: Open Source Threat Intelligence and Sharing Platform (formerly known as Malware Information Sharing Platform)
- https://github.com/CIRCL/AIL-framework AIL framework – Analysis Information Leak framework
- https://github.com/elceef/dnstwist dnstwist: Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
- https://www.opencti.io/en/ OpenThreatIntel
- https://ivre.rocks/ IVRE: Network recon framework
SIEM (Security Information and Event Management)
- https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j Windows Security Log Events Encyclopedia
- https://github.com/defensahacker/windows-evtx-forensics windows-evtx-forensics: Perform forensics on Windows Event Log (EVTX) files
- https://github.com/Neo23x0/sigma Sigma: Generic Signature Format for SIEM Systems (Sigma rules)
- https://uncoder.io/ Uncoder: Online translator for SIEM saved searches, filters, queries, API requests, correlation and Sigma rules to help SOC Analysts, Threat Hunters and SIEM Engineers
Honeypots
- https://github.com/fw42/honeymap honeymap: Real-time websocket stream of GPS events on a fancy SVG world map
- https://github.com/pwnlandia/mhn MHN: Modern Honey Network
Standards and Frameworks
- https://capec.mitre.org MITRE CAPEC: Common Attack Pattern Enumeration and Classification. Catalogues attack patterns in a hierarchy of Category (C), Meta (M) and Standard (S) patterns. E.g. for a DoS attack: (C) Abuse Existing Functionality (210) -> (M) Flooding (125) -> (S) UDP Flood (486) [CVE-2003-0760]
- https://mitre-attack.github.io/attack-navigator/enterprise/ ATT&CK Navigator
- https://attack.mitre.org/matrices/enterprise/ MITRE ATT&CK matrix for enterprise OSes
- https://attack.mitre.org/matrices/enterprise/cloud/ MITRE ATT&CK matrix for the cloud
- https://attack.mitre.org/matrices/mobile/ MITRE ATT&CK matrix for mobile apps
- https://www.nist.gov/cyberframework NIST CSF 1.1: NIST Cybersecurity Framework 1.1
- https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final NIST 800-61: NIST Computer Security Incident Handling Guide
- https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1 FIRST CSIRT Services Framework 2.1
- https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Cyber Kill Chain: the Lockheed Martin Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for identifying and preventing cyber intrusion activity. The model identifies the steps adversaries must complete in order to achieve their objective.