Skip to content

JouniMi/Threathunt.blog

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
Asyncrat
Asyncrat
 
 
README.md
README.md
 
 
amsi_bypass_detection
amsi_bypass_detection
 
 
bumblee_loader
bumblee_loader
 
 
emotet_queries
emotet_queries
 
 
follina_detection
follina_detection
 
 
how_to_start
how_to_start
 
 
hunt_for_hidden_sch_task
hunt_for_hidden_sch_task
 
 
icedid
icedid
 
 
image_loads_from_susp_location
image_loads_from_susp_location
 
 
impacket_part2
impacket_part2
 
 
impacket_part3
impacket_part3
 
 
impacket_psexec
impacket_psexec
 
 
live_mw_for_hunting_purposes
live_mw_for_hunting_purposes
 
 
lsass-memory-dumping
lsass-memory-dumping
 
 
mde_to_elk.py
mde_to_elk.py
 
 
msbuild
msbuild
 
 
multiple_discovery_commands_in_short_time
multiple_discovery_commands_in_short_time
 
 
payload_execution_from_iso
payload_execution_from_iso
 
 
qakbot
qakbot
 
 
rare_process_as_a_service
rare_process_as_a_service
 
 
sch_tasks
sch_tasks
 
 
seo-poisoning
seo-poisoning
 
 
shodan_to_mde.py
shodan_to_mde.py
 
 

Repository files navigation

Threathunt.blog

Queries from my Threat Hunting related blog, available here: https://threathunt.blog/

The queries are stored in individual files, one for each of the blog posts. There is no metadata or anything, just the queries separated by a line break. The idea behind them are shown in the blog, which is why I do not add anything here. The queries are stored in GitHub only to make it easier to copy them over if the need be.

About

Queries from the blog posts.

Resources

Readme
Activity

Stars

16 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages