
APT-Hunter
APT-Hunter: A Tool for Threat Hunting in Windows Event Logs
APT-Hunter is a Threat Hunting tool designed for analyzing Windows event logs. It was developed with a purple team mindset to effectively detect Advanced Persistent Threat (APT) movements hidden within the vast amount of Windows event logs. This tool aims to reduce the time required to identify suspicious activities.
APT-Hunter employs pre-defined detection rules and emphasizes statistical analysis to reveal abnormalities, making it highly effective for compromise assessment.
Output
The output it generates can be analyzed directly in tools such as Excel, Timeline Explorer, Timesketch, and others.
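To make the two approaches described above concrete (pre-defined detection rules for single events, and statistical analysis for patterns no single event reveals, with results written as a timeline CSV that Excel or Timeline Explorer can open), here is an added illustration in Python. It is not APT-Hunter's own code and does not use its rule set or output schema; the event records, hosts, users, addresses and thresholds are all constructed for the example, standing in for fields parsed out of EVTX files.

```python
"""Rule-based plus statistical hunting over parsed Windows event records.
Added example, not APT-Hunter's code; field names and sample data are
this example's own."""
from collections import Counter, defaultdict
import csv
import io

# Constructed events (hypothetical hosts, users, addresses) standing in for
# records parsed from Security and System EVTX files.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T08:00:01", "host": "WS01", "id": 4624, "user": "alice",
     "logon_type": 2, "src_ip": "-", "cmd": ""},
    {"time": "2024-01-10T08:05:00", "host": "WS01", "id": 4688, "user": "alice",
     "logon_type": 0, "src_ip": "-", "cmd": "C:\\Windows\\System32\\notepad.exe"},
    {"time": "2024-01-10T09:12:44", "host": "WS01", "id": 4688, "user": "alice",
     "logon_type": 0, "src_ip": "-",
     "cmd": "powershell.exe -nop -w hidden -EncodedCommand SQBFAFgA"},
    {"time": "2024-01-10T09:13:10", "host": "SRV01", "id": 7045, "user": "SYSTEM",
     "logon_type": 0, "src_ip": "-", "cmd": "C:\\Users\\Public\\svc.exe"},
    {"time": "2024-01-10T09:14:00", "host": "SRV02", "id": 7045, "user": "SYSTEM",
     "logon_type": 0, "src_ip": "-", "cmd": "C:\\Program Files\\Vendor\\agent.exe"},
    {"time": "2024-01-10T11:30:00", "host": "SRV01", "id": 1102, "user": "alice",
     "logon_type": 0, "src_ip": "-", "cmd": ""},
]
# Six failed logons (4625) against SRV01 from one source within a minute.
SAMPLE_EVENTS += [
    {"time": f"2024-01-10T10:00:{s:02d}", "host": "SRV01", "id": 4625,
     "user": "administrator", "logon_type": 3, "src_ip": "10.0.0.50", "cmd": ""}
    for s in range(6)
]
# Network logons (type 3): alice reaches four hosts, bob only one.
SAMPLE_EVENTS += [
    {"time": f"2024-01-10T10:2{i}:00", "host": h, "id": 4624, "user": "alice",
     "logon_type": 3, "src_ip": "10.0.0.21", "cmd": ""}
    for i, h in enumerate(["SRV01", "SRV02", "SRV03", "DC01"])
]
SAMPLE_EVENTS.append({"time": "2024-01-10T10:30:00", "host": "SRV01", "id": 4624,
                      "user": "bob", "logon_type": 3, "src_ip": "10.0.0.22", "cmd": ""})


def rule_encoded_powershell(e):
    """4688 process creation that launches PowerShell with an encoded command."""
    cmd = e["cmd"].lower()
    return e["id"] == 4688 and "powershell" in cmd and "-enc" in cmd


def rule_service_from_user_path(e):
    """7045 service installed with its binary under a user-writable directory."""
    return e["id"] == 7045 and e["cmd"].lower().startswith(
        ("c:\\users\\", "c:\\windows\\temp\\"))


def rule_audit_log_cleared(e):
    """1102: the Security event log was cleared."""
    return e["id"] == 1102


RULES = [
    ("Encoded PowerShell command line", rule_encoded_powershell),
    ("Service installed from user-writable path", rule_service_from_user_path),
    ("Security log cleared", rule_audit_log_cleared),
]


def run_rules(events):
    """Apply every rule predicate to every event; one finding per match."""
    findings = []
    for e in events:
        for name, pred in RULES:
            if pred(e):
                findings.append({"time": e["time"], "host": e["host"],
                                 "rule": name, "detail": e["cmd"] or e["user"]})
    return findings


def stat_anomalies(events, failed_threshold=5, host_threshold=3):
    """Frequency checks: failed-logon bursts per source address, and one
    account with network logons to many distinct hosts."""
    failed, first_seen, hosts_by_user = Counter(), {}, defaultdict(set)
    for e in events:
        if e["id"] == 4625:
            failed[e["src_ip"]] += 1
            first_seen.setdefault(("src", e["src_ip"]), e["time"])
        elif e["id"] == 4624 and e["logon_type"] == 3:
            hosts_by_user[e["user"]].add(e["host"])
            first_seen.setdefault(("user", e["user"]), e["time"])
    findings = []
    for src, n in failed.items():
        if n >= failed_threshold:
            findings.append({"time": first_seen[("src", src)], "host": "-",
                             "rule": "Failed logon burst",
                             "detail": f"{n} failures from {src}"})
    for user, hosts in hosts_by_user.items():
        if len(hosts) >= host_threshold:
            findings.append({"time": first_seen[("user", user)], "host": "-",
                             "rule": "Network logons to many hosts",
                             "detail": f"{user} -> {','.join(sorted(hosts))}"})
    return findings


def hunt(events):
    """Merge both passes into one time-ordered list of findings."""
    return sorted(run_rules(events) + stat_anomalies(events), key=lambda f: f["time"])


def to_csv(findings):
    """Render findings as a CSV timeline (time, host, rule, detail)."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=["time", "host", "rule", "detail"],
                       lineterminator="\n")
    w.writeheader()
    w.writerows(findings)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(hunt(SAMPLE_EVENTS)), end="")
```

Run it and the five findings come out sorted by time: the two single-event rule hits, the failed-logon burst and the many-host logon pattern (which only appear once events are counted per source or per account), and finally the cleared log. The benign notepad launch, the vendor service under Program Files, and bob's single network logon produce nothing, which is the point of pairing fixed rules with thresholds: each pass catches what the other cannot.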
How to Use APT-Hunter: A Step-by-Step Guide
APT-Hunter is built using Python 3, so to use this tool, you need to install the required libraries first. You can do this by running the following command:
python3 -m pip install -r requirements.txt
Using APT-Hunter is straightforward. To view the available options, simply use the -h argument to print the help menu:
python3 APT-Hunter.py -h
Example: to analyze EVTX files, execute the following command:
python3 APT-Hunter.py -e