October 2024 updates
- 145 tools added, plus multiple existing tools updated.
- 57774 detection patterns
- Additional threat group associations using the TI reports database (many thanks to @BushidoUK's CTI projects)
In progress:
- Automated retrieval of the hashes from the GitHub releases of each tool as soon as a release is published
- Integration with another project to automatically compile and upload to VirusTotal selected critical tools, chosen by their metadata_severity_score
- Reorganization of tags
- Reorganization of lookups (considering separate lookups with hash / without hash / without tags; open to suggestions)
Links:
- WebSite: https://mthcht.github.io/ThreatHunting-Keywords/
- ThreatHunting-Keywords Github repo: https://github.com/mthcht/ThreatHunting-Keywords
- ThreatHunting-Keywords Individual Tool Lists: https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools
- Yara Rules Github repo: https://github.com/mthcht/ThreatHunting-Keywords-yara-rules
- Specific Artifact lists Github repo: https://github.com/mthcht/awesome-lists/tree/main/Lists
New keyword detection patterns added for the following tools:
- 4shared.com
- ADFSDump
- ADPassHunt
- ADSyncDecrypt
- Acunetix Web Vulnerability Scanner
- Adzok
- Argus
- Avast
- BadPotato
- BetterSafetyKatz
- BrowserSnatch
- Cable
- Certify
- CheckPort
- Checkmate
- ChromeCookiesView
- Cmdkey
- DNS-Hijacking
- Dataplicity
- Decrypt-RDCMan
- DecryptRDCManager
- Dirty-Vanity
- EarthWorm
- Eventlogedit-evt--General
- Eventlogedit-evtx--Evolution
- ForgeCert
- FruityC2
- GMSAPasswordReader
- GlobalUnProtect
- GodPotato
- Imminent-Monitor
- Inveigh
- Invoke-RDPThief
- JuicyPotato
- KeeTheft
- KrbRelay
- KrbRelay-SMBServer
- KrbRelayUp
- LAPSToolkit
- LsassReflectDumping
- MSSprinkler
- MozillaCookiesView
- NamelessC2
- NetSess
- NetworkServiceExploit
- NoPowerShell
- PSAttack
- PWDumpX
- PassTheCert
- PortQry
- Poshito
- PowerShellRunner
- PowerUpSQL
- PowerView
- Prince-Ransomware
- PrintSpoofer
- PrivExchange
- Procdump
- PwDump7
- PwDump8
- RottenPotatoNG
- Rubeus
- RunasCs
- Rust Localtunnels
- RustiveDump
- SCMUACBypass
- SMBTrap
- Seatbelt
- ShadowSpray
- SharpChrome
- SharpDPAPI
- SharpEfsPotato
- SharpGPOAbuse
- SharpGpo
- SharpHound
- SharpKatz
- SharpLAPS
- SharpMove
- SharpOxidResolver
- SharpPack
- SharpRDP
- SharpSCCM
- SharpSQL
- SharpUp
- SharpView
- Sharpmad
- SigmaPotato
- SimpleBackdoorAdmin
- Smbtouch-Scanner
- Termite
- Trellonet
- WCE
- Whisker
- adfsbrute
- arp
- atnow
- attrib
- btunnel
- burrow
- certoc
- cobaltstrike
- creddump7
- csexec
- dir
- dropbear
- easyupload.io
- echo
- emkei.cz
- fgdump
- find
- findstr
- hak5 cloudc2
- htran
- libprocesshider
- ln
- localtunnels
- localxpose
- lslsass
- ms-appinstaller
- net
- powershell
- precompiled-binaries
- pretender
- pslist
- psobf
- putty
- pwnlook
- quarkspwdump
- rdp
- reg
- resocks
- sc
- shootback
- smbscan
- sshdoor
- stunnel
- tmate
- tun2socks
- unset
- w32times
- wevtutil
- winPEAS
- winexe
- wso-webshell
- xspy