Skip to content

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

License

Notifications You must be signed in to change notification settings

OTRF/ThreatHunter-Playbook

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

The Threat Hunter Playbook

Binder License: MIT Twitter Open_Threat_Research Community Open Source Love

The Threat Hunter Playbook is a community-driven, open source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. All the detection documents in this project follow the structure of MITRE ATT&CK categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks. The use of notebooks not only allow us to share text, queries and expected output, but also code to help others run detection logic against pre-recorded security datasets locally or remotely through BinderHub cloud computing environments.

Goals

  • Expedite the development of techniques an hypothesis for hunting campaigns.
  • Help security researchers understand patterns of behavior observed during post-exploitation.
  • Share resources to validate analytics locally or remotely through cloud computing environments for free.
  • Map pre-recorded datasets to adversarial techniques.
  • Accelerate infosec learning through open source resources.

Author

Roberto Rodriguez @Cyb3rWard0g

Official Committers

  • Jose Luis Rodriguez @Cyb3rPandaH is adding his expertise in data science to it.

Acknowledgements

About

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published