Thunt Labs

    Engineering the hunt.

    Where we build the tools to catch what others miss. Open source contributions, internal automation, and advanced research.

    Open Source

    Giving back to the community.

    Velociraptor

    Advanced Velociraptor artifacts for endpoint visibility, tailored for complex hunting in Windows and Linux environments.

    GitHub

    Sigma

    Generic detection rules for emerging threats and TTPs, shared with the community to improve collective defense.

    GitHub

    Scripts

    Python and PowerShell toolsets for rapid triage, memory forensics, and deep artifact parsing, including hunting for WMI event subscription and BITS job persistence.

    GitHub

    The Technical Toolbox

    Our methodology is backed by industry-standard DFIR tools and cloud expertise.

    Best-in-class Collection Tools

    Deployment of collection tools such as KAPE and DFIR-ORC to gather raw artifacts and forensic triage data at scale for deep processing.

    Azure & M365

    Expertise in Entra ID, adversary-in-the-middle (AiTM) token theft investigation, and Unified Audit Log (UAL) correlation. We implement Continuous Access Evaluation (CAE) readiness and token protection (token binding) so that a session token stolen through an AiTM proxy is far less useful to an attacker who replays it from another device.
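As an added illustration of the UAL correlation mentioned above (example code written for this page, not Thunt Labs tooling), the Python below applies one AiTM token-theft heuristic: an attacker replaying a session cookie stolen by a phishing proxy does not produce a fresh UserLoggedIn from their own IP, so their mailbox operations appear under an IP that never authenticated in the session window. The sample records, the IP addresses, the two-hour window and the high-risk operation list are constructed assumptions, simplified from the UAL AuditData schema.

```python
"""Correlate Unified Audit Log (UAL) records to surface AiTM-style token theft."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, simplified from the UAL AuditData schema
# (not real client data). 203.0.113.10 stands in for the AiTM proxy the
# victim signed in through; 198.51.100.77 stands in for the attacker
# replaying the stolen session cookie from their own infrastructure.
SAMPLE_UAL = [
    {"CreationTime": "2024-05-01T08:02:11Z", "UserId": "alice@contoso.example",
     "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory",
     "ClientIP": "203.0.113.10"},
    {"CreationTime": "2024-05-01T08:09:40Z", "UserId": "alice@contoso.example",
     "Operation": "MailItemsAccessed", "Workload": "Exchange",
     "ClientIP": "198.51.100.77"},
    {"CreationTime": "2024-05-01T08:31:05Z", "UserId": "alice@contoso.example",
     "Operation": "New-InboxRule", "Workload": "Exchange",
     "ClientIP": "198.51.100.77",
     "Parameters": [{"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2024-05-01T09:00:00Z", "UserId": "bob@contoso.example",
     "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory",
     "ClientIP": "192.0.2.25"},
    {"CreationTime": "2024-05-01T09:05:13Z", "UserId": "bob@contoso.example",
     "Operation": "MailItemsAccessed", "Workload": "Exchange",
     "ClientIP": "192.0.2.25"},
    # Activity hours after the only sign-in: outside the window, not correlated.
    {"CreationTime": "2024-05-01T14:00:00Z", "UserId": "alice@contoso.example",
     "Operation": "MailItemsAccessed", "Workload": "Exchange",
     "ClientIP": "203.0.113.10"},
]

# Heuristic parameters (assumptions; tune per tenant).
SESSION_WINDOW = timedelta(hours=2)
HIGH_RISK_OPS = {"New-InboxRule", "Set-InboxRule", "UpdateInboxRules",
                 "Add-MailboxPermission", "Set-Mailbox"}


def parse_time(value):
    """UAL CreationTime is UTC; exports may or may not carry the trailing Z."""
    return datetime.strptime(value.rstrip("Z"), "%Y-%m-%dT%H:%M:%S")


def correlate(records, window=SESSION_WINDOW):
    """Flag post-authentication activity from an IP that never signed in.

    For every non-login record, look up the user's UserLoggedIn events inside
    the session window. If the record's ClientIP matches none of them, report
    it; inbox-rule and mailbox-permission changes are rated high severity.
    """
    ordered = sorted(records, key=lambda r: parse_time(r["CreationTime"]))
    logins = defaultdict(list)  # user -> [(sign-in time, client IP)]
    findings = []
    for rec in ordered:
        user = rec["UserId"]
        ts = parse_time(rec["CreationTime"])
        ip = rec["ClientIP"]
        if rec["Operation"] == "UserLoggedIn":
            logins[user].append((ts, ip))
            continue
        recent = [(lt, lip) for lt, lip in logins[user] if ts - lt <= window]
        if not recent or ip in {lip for _, lip in recent}:
            continue  # no session to tie it to, or same IP as the sign-in
        login_time, login_ip = max(recent)  # latest sign-in in the window
        findings.append({
            "user": user,
            "login_time": login_time.isoformat(),
            "login_ip": login_ip,
            "op_time": ts.isoformat(),
            "operation": rec["Operation"],
            "op_ip": ip,
            "severity": "high" if rec["Operation"] in HIGH_RISK_OPS else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_UAL):
        print(f"[{f['severity']}] {f['user']}: signed in from {f['login_ip']} "
              f"at {f['login_time']}, then {f['operation']} from {f['op_ip']} "
              f"at {f['op_time']}")
```

On real data, each row returned by Search-UnifiedAuditLog carries the record as a JSON string in its AuditData column; json.loads each one before passing the list to correlate(). Expect false positives from mobile clients and VPN egress rotation, so enrich the two IPs with ASN and geolocation and tie the operations back to the Entra sign-in logs before escalating; the heuristic also misses an attacker who deliberately replays the token from the same egress the victim used.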

    Internal Arsenal

    Proprietary automation for efficient investigations.

    Automator

    Orchestration engine that automates the boring parts of triage, allowing analysts to focus on analysis.

    Intel

    Aggregated threat intelligence specifically curated for hunting operations.

    thunt-automator — zsh
    thunt-automator --target scope_list.txt --scan fast
    [+] Target list loaded: 145 hosts
    [+] Initiating fast triage scan...
    [>] Deployment: Velociraptor agents check... OK
    [>] Hunting: 'Log4Shell' artifacts... 2 hits found
    [>] Enrichment: IP reputation check...
    [!] Suspicious activity detected on host: SRV-FIN-02

    Leverage our internal arsenal

    Our clients benefit directly from our custom tooling and research. Enhanced detection, faster triage, deeper insights.