korniko98 / pivot-atlas

http://gopivot.ing

Pivot Atlas

This repository contains the source code for the Pivot Atlas website, a pivoting handbook for cyber threat intelligence analysts. It provides simple reference material on how to make the best use of various threat activity observables, such as IP addresses and file hashes.

For any given type of observable encountered during an investigation, analysts can use Pivot Atlas to figure out what steps they should take to reveal potentially related infrastructure or tooling. Every listed pivoting method can be performed using one or more platforms (depending on preference or availability), and query examples are provided for the most commonly used tools. Diagrams are also included for easy navigation between artifact types.

This project is a work in progress and cannot yet serve as a truly comprehensive guide to pivoting, but in time it could. If you would like to contribute content, please feel free to submit a pull request.

Built with Material for MkDocs