This tool, called "ThreatHound," is a powerful and versatile tool written in Python (with a new C version available for Linux-based systems) that helps with IR & Threat Hunting & CA. With ThreatHound, you can drop your event log file and analyze the results easily. It now supports Windows through the ThreatHound.exe, making it even more accessible.

The latest release of ThreatHound has several new features that make it even more useful. For example, you can now save results in JSON format or print them on the screen by using the "print" argument. If you want to save results in JSON format, you can set the argument to "no." If you prefer to print the results on the screen, you can set the argument to "yes." You can give ThreatHound a single EVTX file, a Windows event logs folder, or multiple EVTX files separated by commas using the "-p" argument. You can also give the Sigma rules path using the "-s" argument. ThreatHound also has multithreading capabilities, which significantly improve its running speed. It is an agent-based tool, which means you can push it to multiple servers and run it easily.

ThreatHound has many useful features, including automation for Threat Hunting, Compromise Assessment, and Incident Response for the Windows Event Logs. It downloads and updates Sigma rules daily from the source and has more than 50 detection rules included. With support for more than 1500 detection rules for Sigma, it can detect a wide range of threats. One of the best things about ThreatHound is that you can easily add your own detection rules to it. It also allows you to add new event log source types to mapping.py easily, making it even more flexible.

Overall, ThreatHound is a powerful and useful tool for anyone working in the IR, Threat Hunting, or CA fields. Its ability to detect a wide range of threats, combined with its flexibility and ease of use, makes it an invaluable addition to any security toolkit. Here is the GitHub link: [Hidden Content] Hope it helps, Happy Hunting!
-
what hosts do you recommend on which you can put a warrior
OTRABIKHUB posted a question in General doubts
-
Introduction

The VulFi (Vulnerability Finder) tool is a plugin for IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all cross-references to the most interesting functions (such as strcpy, sprintf, system, etc.). For cases where the Hex-Rays decompiler can be used, it will attempt to rule out calls to these functions which are not interesting from a vulnerability research perspective (think something like strcpy(dst,"Hello World!")). Without the decompiler, the rules are much simpler (so as not to depend on architecture) and thus only rule out the most obvious cases. [Hidden Content]