ThreatHunter-Playbook - A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns


A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns by leveraging Sysmon and Windows Event logs. This project provides specific chains of events exclusively at the host level, so that you can take them and develop logic to deploy queries or alerts in your preferred tool or format, such as Splunk, ELK, Sigma, GrayLog, etc. This repo follows the structure of the MITRE ATT&CK framework, which categorizes post-compromise adversary behavior into tactical groups. In addition, it provides information about hunting tools/platforms developed by the infosec community for testing and enterprise-wide hunting. Can't wait to see other hunters' pull requests with awesome ideas to detect advanced patterns of behavior. The more chains of events you contribute, the better this playbook will be for the community.

hunter - :package: CMake driven cross-platform package manager for C/C++

  •    CMake

CMake driven cross-platform package manager for C/C++. Linux, Windows, macOS, iOS, Android, Raspberry Pi, etc.

weather - :sunny: Example of using hunter (http://github

  •    CMake

Simple cross-platform open source weather-by-city application. Hunter package manager usage example. Note that a lot of time (> 1 hour) and space (> 1 GB) may be required for the build, so be patient and consider testing this tiny project before running a full build.

gate - Gate to Hunter packages

  •    CMake

This is a gate file to Hunter package manager.

drishti - Real time eye tracking for embedded and mobile devices.

  •    C++

Native iOS, Android, and "desktop" variants of the real-time facefilter application have been added here: src/examples/facefilter. These applications link against the installed public drishti::drishti package interface, which is designed without external types in the API definition. The facefilter demos are enabled by the DRISHTI_BUILD_EXAMPLES CMake option, and the entire src/examples tree is designed to be relocatable: you can cp -r src/examples ${HOME}/drishti_examples, customize, and build, simply by updating the drishti package details. The iOS facefilter target requires Xcode 9 (beta 4) or above (Swift language requirements) and will be generated directly as a standard CMake add_executable() target as part of the usual top-level project build, provided you are using an appropriate CMake iOS toolchain for cross compilation from your macOS + Xcode host to your iOS device. Please see Polly Based Build and iOS Build below for more details.

acf - Aggregated Channel Feature object detection in C++ and OpenGL ES 2

  •    C++

This module is very well suited to running real-time object detection on mobile processors, where recent high-performing but GPU-hungry DNN approaches aren't as suitable. The ACF pyramids can be computed with OpenGL ES 2.0 shaders and retrieved more or less for free (< 1 frame time with 1 frame of latency). For selfie video, the pretrained face detectors (see FACE80 and FACE64) run in a few milliseconds on an iPhone 7. TODO: The Locally Decorrelated Channel Feature addition has not yet been added (see LDCF), but the 5x5 kernels should map well to OpenGL shaders. That should make performance very competitive (see Piotr's references for comparisons).

ACF is a CMake-based project that uses the Hunter package manager to download and build project dependencies from source as needed. Hunter contains detailed documentation, but a few high-level notes and documentation links are provided here to help orient first-time users. In practice, some working knowledge of CMake may also be required. Hunter itself is written in CMake and is installed as part of the build process from a single HunterGate() macro at the top of the root CMakeLists.txt file (typically cmake/Hunter/HunterGate.cmake); you don't have to build or install it separately. Each CMake dependency's find_package(FOO) call that is paired with a hunter_add_package(FOO CONFIG REQUIRED) will be managed by Hunter. In most cases, the only system requirements for building a Hunter project are a recent CMake with CURL support and a working compiler corresponding to the active toolchain. Hunter will maintain all dependencies in a versioned local cache by default (typically ${HOME}/.hunter), where they can be reused in subsequent builds and shared between different projects. They can also be stored in a server-side binary cache: select toolchains will be backed by a server-side binary cache (https://github.com/elucideye/hunter-cache) and will produce faster first-time builds (use them if you can!).

android-cmake - Run an Android application using CMake and the Hunter package manager

  •    C++

Examples of using the Hunter package manager to build and run an Android application. Note that there is no need to download the Android SDK manually, since it will be downloaded by Hunter.

hunter-simple - Simple example of using the Hunter package manager

  •    CMake

Example of downloading/installing dependencies using the Hunter package manager. Note: since the cache is uploaded from Travis/AppVeyor CI, the configuration will always match.