Statistics for topic dfir

RepositoryStats tracks 584,797 Github repositories, of these 181 are tagged with the dfir topic. The most common primary language for repositories using this topic is Python (64). Other languages include: PowerShell (26)

Stargazers over time for topic dfir

Most starred repositories for topic dfir (view more)

toniblyx
my-arsenal-of-aws-security-tools toniblyx
1.5k
9.0k
apache-2.0
395
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
iam dfir cloud auditing security aws-lambda cloudtrail aws-inventory security-tools incident-response aws-infrastructure
Created 2018-07-18
310 commits to master branch, last one 23 days ago
meirwah
awesome-incident-response meirwah
1.5k
7.7k
apache-2.0
463
A curated list of tools for incident response
dfir list awesome security awesome-list cybersecurity incident-response incident-response-tooling
Created 2015-11-10
521 commits to master branch, last one 7 months ago
LOLBAS-Project
LOLBAS LOLBAS-Project
1k
7.1k
gpl-3.0
230
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
dfir lolbins redteam blueteam lolscripts purpleteam living-off-the-land
Created 2018-06-08
790 commits to master branch, last one 10 days ago
zeek
zeek zeek
1.2k
6.5k
other
350
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
bro nsm dfir pcap zeek security network-monitoring
Created 2012-07-06
17,268 commits to master branch, last one 24 hours ago
clong
DetectionLab clong
989
4.6k
mit
154
Automate the creation of a lab environment complete with security tooling and logging best practices
dfir packer sysmon ansible osquery vagrant detection terraform powershell vagrantfile detectionlab dfir-automation lab-environment information-security
Created 2017-03-25
1,222 commits to master branch, last one about a year ago
OTRF
ThreatHunter-Playbook OTRF
809
4.0k
mit
373
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
dfir mitre hunter sysmon hunting hypothesis threat-hunting mitre-attack-db hunting-campaigns
Created 2017-03-28
466 commits to master branch, last one 2 years ago

Trending repositories for topic dfir (view more)

Last 3 days (new repositories)
no newly created repositories trending in the last 3 days
Last 3 days (absolute gain)
meirwah
meirwah/awesome-incident-response

A curated list of tools for incident response

7,681 (+9)
apache-2.0
Yamato-Security
Yamato-Security/hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

2,317 (+8)
agpl-3.0
WithSecureLabs
WithSecureLabs/chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

2,884 (+7)
gpl-3.0
intelowlproject
intelowlproject/IntelOwl

IntelOwl: manage your Threat Intelligence at scale

3,847 (+4)
agpl-3.0
Unprotect-Project
Unprotect-Project/Unprotect_Submission

Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective eff...

139 (+3)
Last 3 days (relative gain)
Unprotect-Project
Unprotect-Project/Unprotect_Submission

Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective eff...

139 (+2%)
cr0nx
cr0nx/awesome-linux-attack-forensics-purplelabs

This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

126 (+0.8%)
gpl-3.0
mthcht
mthcht/awesome-lists

Awesome Security lists for SOC/CERT/CTI

715 (+0.6%)
mit
Yamato-Security
Yamato-Security/hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

2,317 (+0.3%)
agpl-3.0
securityjoes
securityjoes/MasterParser

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

683 (+0.3%)
mit
Last week (new repositories)
no newly created repositories trending in the last week
Last week (absolute gain)
meirwah
meirwah/awesome-incident-response

A curated list of tools for incident response

7,681 (+20)
apache-2.0
Yamato-Security
Yamato-Security/hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

2,317 (+20)
agpl-3.0
LOLBAS-Project
LOLBAS-Project/LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

7,110 (+16)
gpl-3.0
cugu
cugu/awesome-forensics

⭐️ A curated list of awesome forensic analysis tools and resources

3,999 (+13)
cc0-1.0
WithSecureLabs
WithSecureLabs/chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

2,884 (+11)
gpl-3.0
Last week (relative gain)
dbissell6
dbissell6/DFIR

This is a repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.

55 (+4%)
Unprotect-Project
Unprotect-Project/Unprotect_Submission

Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective eff...

139 (+3%)
mdawsonuk
mdawsonuk/LevelDBDumper

Dumps all of the Key/Value pairs from a LevelDB database

63 (+2%)
gpl-3.0
Gadzhovski
Gadzhovski/TRACE-Forensic-Toolkit

TRACE is a digital forensic analysis tool that provides a user-friendly interface for investigating disk images.

132 (+2%)
mit
cr0nx
cr0nx/awesome-linux-attack-forensics-purplelabs

This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

126 (+0.8%)
gpl-3.0
Last month (new repositories)
no newly created repositories trending in the last month
Last month (absolute gain)
securityjoes
securityjoes/MasterParser

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

683 (+101)
mit
WithSecureLabs
WithSecureLabs/chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

2,884 (+91)
gpl-3.0
LOLBAS-Project
LOLBAS-Project/LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

7,110 (+89)
gpl-3.0
meirwah
meirwah/awesome-incident-response

A curated list of tools for incident response

7,681 (+79)
apache-2.0
cugu
cugu/awesome-forensics

⭐️ A curated list of awesome forensic analysis tools and resources

3,999 (+54)
cc0-1.0
Last month (relative gain)
LOLESXi-Project
LOLESXi-Project/LOLESXi

LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. This project gathers procedural examples from public reports of ...

105 (+36%)
gpl-3.0
dbissell6
dbissell6/DFIR

This is a repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.

55 (+25%)
securityjoes
securityjoes/MasterParser

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

683 (+17%)
mit
Gadzhovski
Gadzhovski/TRACE-Forensic-Toolkit

TRACE is a digital forensic analysis tool that provides a user-friendly interface for investigating disk images.

132 (+10%)
mit
mthcht
mthcht/ThreatHunting-Keywords-yara-rules

yara detection rules for hunting with the threathunting-keywords project

87 (+9%)
Last 12-months (new repositories)
securityjoes
securityjoes/MasterParser

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

683
mit
cristianzsh
cristianzsh/forensictools

Collection of forensic tools

517
apache-2.0
roadwy
roadwy/DefenderYara

Extracted Yara rules from Windows Defender mpavbase and mpasbase

222
LOLESXi-Project
LOLESXi-Project/LOLESXi

LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. This project gathers procedural examples from public reports of ...

105
gpl-3.0
mf1d3l
mf1d3l/Splunk4DFIR

Harness the power of Splunk for your investigations

77
mit
Last 12-months (absolute gain)
meirwah
meirwah/awesome-incident-response

A curated list of tools for incident response

7,681 (+1,010)
apache-2.0
LOLBAS-Project
LOLBAS-Project/LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

7,110 (+951)
gpl-3.0
intelowlproject
intelowlproject/IntelOwl

IntelOwl: manage your Threat Intelligence at scale

3,847 (+910)
agpl-3.0
zeek
zeek/zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

6,464 (+847)
cugu
cugu/awesome-forensics

⭐️ A curated list of awesome forensic analysis tools and resources

3,999 (+755)
cc0-1.0
Last 12-months (relative gain)
roadwy
roadwy/DefenderYara

Extracted Yara rules from Windows Defender mpavbase and mpasbase

222 (+5,450%)
cgosec
cgosec/Blauhaunt

A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you come from where did you go) in Security Incidents and Threat Hunts

161 (+3,120%)
mit
securityjoes
securityjoes/ForensicMiner

A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.

148 (+2,014%)
mit
joeavanzato
joeavanzato/LogBoost

Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indicator matches.

98 (+1,533%)
mit
joeavanzato
joeavanzato/RetrievIR

PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.

91 (+1,200%)
mit