The SOC Analyst’s Toolbox
THT - Threat Hunting Toolkit
A Swiss Army knife for threat hunting, log processing, and security-focused data science.
https://github.com/ethack/tht
RITA - Real Intelligence Threat Analytics
A framework for detecting command and control communication through network traffic analysis.
https://www.activecountermeasures.com/free-tools/rita/
Wireshark
A network protocol analyzer that lets you see what’s happening on your network at a microscopic level.
https://www.wireshark.org/
Zeek
A software platform that provides compact, high-fidelity transaction logs, file content, and fully customized output to help analysts understand how their network is being used.
https://zeek.org/
BloodHound
Uses graph theory to reveal hidden relationships and attack paths within an Active Directory or Azure environment so that defenders can identify and eliminate them.
https://github.com/BloodHoundAD/BloodHound
Atomic Red Team
A library of tests mapped to the MITRE ATT&CK® framework that can quickly, portably, and reproducibly test your environment.
https://github.com/redcanaryco/atomic-red-team
DeepBlueCLI
A PowerShell module for threat hunting via Windows event logs.
https://github.com/sans-blue-team/DeepBlueCLI
Search Engines
No one knows everything.
When in doubt, do a search.
https://www.bing.com