Skip to content

Latest commit

 

History

History
32 lines (21 loc) · 2.53 KB

README.md

File metadata and controls

32 lines (21 loc) · 2.53 KB

The Threat Hunter Playbook

Binder License: MIT Twitter Open_Threat_Research Community Open Source Love

The Threat Hunter Playbook is a community-driven, open source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. All the detection documents in this project follow the structure of MITRE ATT&CK categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks. The use of notebooks not only allow us to share text, queries and expected output, but also code to help others run detection logic against pre-recorded security datasets locally or remotely through BinderHub cloud computing environments.

Goals

  • Expedite the development of techniques an hypothesis for hunting campaigns.
  • Help security researchers understand patterns of behavior observed during post-exploitation.
  • Share resources to validate analytics locally or remotely through cloud computing environments for free.
  • Map pre-recorded datasets to adversarial techniques.
  • Accelerate infosec learning through open source resources.

Author

Roberto Rodriguez @Cyb3rWard0g

Official Committers

  • Jose Luis Rodriguez @Cyb3rPandaH is adding his expertise in data science to it.

Acknowledgements