Statistics for topic dfir

RepositoryStats tracks 595,856 Github repositories, of these 182 are tagged with the dfir topic. The most common primary language for repositories using this topic is Python (64). Other languages include: PowerShell (26)

Stargazers over time for topic dfir

Most starred repositories for topic dfir (view more)

toniblyx
my-arsenal-of-aws-security-tools toniblyx
1.5k
9.0k
apache-2.0
397
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
iam dfir cloud auditing security aws-lambda cloudtrail aws-inventory security-tools incident-response aws-infrastructure
Created 2018-07-18
310 commits to master branch, last one about a month ago
meirwah
awesome-incident-response meirwah
1.5k
7.7k
apache-2.0
464
A curated list of tools for incident response
dfir list awesome security awesome-list cybersecurity incident-response incident-response-tooling
Created 2015-11-10
521 commits to master branch, last one 8 months ago
LOLBAS-Project
LOLBAS LOLBAS-Project
1.0k
7.2k
gpl-3.0
229
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
dfir lolbins redteam blueteam lolscripts purpleteam living-off-the-land
Created 2018-06-08
790 commits to master branch, last one about a month ago
zeek
zeek zeek
1.2k
6.5k
other
351
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
bro nsm dfir pcap zeek security network-monitoring
Created 2012-07-06
17,538 commits to master branch, last one 19 hours ago
clong
DetectionLab clong
995
4.7k
mit
154
Automate the creation of a lab environment complete with security tooling and logging best practices
dfir packer sysmon ansible osquery vagrant detection terraform powershell vagrantfile detectionlab dfir-automation lab-environment information-security
Created 2017-03-25
1,222 commits to master branch, last one about a year ago
OTRF
ThreatHunter-Playbook OTRF
812
4.1k
mit
373
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
dfir mitre hunter sysmon hunting hypothesis threat-hunting mitre-attack-db hunting-campaigns
Created 2017-03-28
466 commits to master branch, last one 2 years ago

Trending repositories for topic dfir (view more)

Last 3 days (new repositories)
no newly created repositories trending in the last 3 days
Last 3 days (absolute gain)
cr0nx
cr0nx/awesome-linux-attack-forensics-purplelabs

This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

212 (+21)
gpl-3.0
Yamato-Security
Yamato-Security/hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

2,366 (+9)
agpl-3.0
meirwah
meirwah/awesome-incident-response

A curated list of tools for incident response

7,738 (+8)
apache-2.0
zeek
zeek/zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

6,532 (+8)
Neo23x0
Neo23x0/Loki

Loki - Simple IOC and YARA Scanner

3,428 (+8)
gpl-3.0
Last 3 days (relative gain)
cr0nx
cr0nx/awesome-linux-attack-forensics-purplelabs

This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

212 (+11%)
gpl-3.0
stanfrbd
stanfrbd/cyberbro

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

60 (+9%)
wtfpl
ChaitanyaHaritash
ChaitanyaHaritash/IllusiveFog

Windows Administrator level Implant.

37 (+6%)
mit
mthcht
mthcht/awesome-lists

Awesome Security lists for SOC/CERT/CTI

743 (+0.5%)
mit
Correia-jpv
Correia-jpv/fucking-awesome-incident-response

A curated list of tools for incident response. With repository stars⭐ and forks🍴

202 (+0.5%)
apache-2.0
Last week (new repositories)
no newly created repositories trending in the last week
Last week (absolute gain)
stanfrbd
stanfrbd/cyberbro

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

60 (+46)
wtfpl
cr0nx
cr0nx/awesome-linux-attack-forensics-purplelabs

This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

212 (+36)
gpl-3.0
Cyb3r-Monk
Cyb3r-Monk/Threat-Hunting-and-Detection

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

680 (+25)
bsd-3-clause
meirwah
meirwah/awesome-incident-response

A curated list of tools for incident response

7,738 (+19)
apache-2.0
zeek
zeek/zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

6,532 (+17)
Last week (relative gain)
stanfrbd
stanfrbd/cyberbro

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

60 (+329%)
wtfpl
cr0nx
cr0nx/awesome-linux-attack-forensics-purplelabs

This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

212 (+20%)
gpl-3.0
ChaitanyaHaritash
ChaitanyaHaritash/IllusiveFog

Windows Administrator level Implant.

37 (+6%)
mit
Cyb3r-Monk
Cyb3r-Monk/Threat-Hunting-and-Detection

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

680 (+4%)
bsd-3-clause
dbissell6
dbissell6/DFIR

This is a repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.

58 (+2%)
Last month (new repositories)
no newly created repositories trending in the last month
Last month (absolute gain)
cr0nx
cr0nx/awesome-linux-attack-forensics-purplelabs

This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

212 (+85)
gpl-3.0
roadwy
roadwy/DefenderYara

Extracted Yara rules from Windows Defender mpavbase and mpasbase

299 (+68)
zeek
zeek/zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

6,532 (+62)
meirwah
meirwah/awesome-incident-response

A curated list of tools for incident response

7,738 (+57)
apache-2.0
LOLBAS-Project
LOLBAS-Project/LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

7,167 (+54)
gpl-3.0
Last month (relative gain)
stanfrbd
stanfrbd/cyberbro

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

60 (+445%)
wtfpl
cr0nx
cr0nx/awesome-linux-attack-forensics-purplelabs

This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

212 (+67%)
gpl-3.0
roadwy
roadwy/DefenderYara

Extracted Yara rules from Windows Defender mpavbase and mpasbase

299 (+29%)
ChaitanyaHaritash
ChaitanyaHaritash/IllusiveFog

Windows Administrator level Implant.

37 (+12%)
mit
Gadzhovski
Gadzhovski/TRACE-Forensic-Toolkit

TRACE is a digital forensic analysis tool that provides a user-friendly interface for investigating disk images.

145 (+9%)
mit
Last 12-months (new repositories)
cristianzsh
cristianzsh/forensictools

Collection of forensic tools

531
apache-2.0
roadwy
roadwy/DefenderYara

Extracted Yara rules from Windows Defender mpavbase and mpasbase

299
LOLESXi-Project
LOLESXi-Project/LOLESXi

LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. This project gathers procedural examples from public reports of ...

108
gpl-3.0
mf1d3l
mf1d3l/Splunk4DFIR

Harness the power of Splunk for your investigations

80
mit
Lazza
Lazza/Fuji

Graphical interface for the forensic logical acquisition of Mac computers

70
gpl-3.0
Last 12-months (absolute gain)
meirwah
meirwah/awesome-incident-response

A curated list of tools for incident response

7,738 (+988)
apache-2.0
intelowlproject
intelowlproject/IntelOwl

IntelOwl: manage your Threat Intelligence at scale

3,908 (+945)
agpl-3.0
LOLBAS-Project
LOLBAS-Project/LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

7,167 (+928)
gpl-3.0
zeek
zeek/zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

6,532 (+857)
cugu
cugu/awesome-forensics

⭐️ A curated list of awesome forensic analysis tools and resources

4,036 (+718)
cc0-1.0
Last 12-months (relative gain)
roadwy
roadwy/DefenderYara

Extracted Yara rules from Windows Defender mpavbase and mpasbase

299 (+7,375%)
cgosec
cgosec/Blauhaunt

A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you come from where did you go) in Security Incidents and Threat Hunts

164 (+3,180%)
mit
securityjoes
securityjoes/MasterParser

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

696 (+1,482%)
mit
joeavanzato
joeavanzato/RetrievIR

PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.

91 (+1,038%)
mit
dbissell6
dbissell6/DFIR

This is a repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.

58 (+867%)