Trending repositories for topic dfir
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, O...
Documentation and scripts to properly enable Windows event logs.
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
A curated list of tools for incident response
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Automate the creation of a lab environment complete with security tooling and logging best practices
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Educational, CTF-styled labs for individuals interested in Memory Forensics
Rapidly Search and Hunt through Windows Forensic Artefacts
Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, Domain, ASN, DNS and Threat Indicator matches.
Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress!
Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes
Timeline of Active Directory changes with replication metadata
Warning lists to inform users of MISP about potential false-positives or other information in indicators
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
A curated list of tools for incident response. With repository stars⭐ and forks🍴
Docker configurations for TheHive, Cortex and 3rd party tools
Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
(Sometimes partial) Python re-implementations of the technologies involved in reading various data sources in Chrome-esque applications.
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part ...
A curated list of awesome forensic analysis tools and resources
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
yara detection rules for hunting with the threathunting-keywords project
A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (Where did you come from, where did you go) in Security Incidents and Threat Hunts
Helm charts for running open source digital forensic tools in Kubernetes
A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to ...
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
Awesome list of keywords and artifacts for Threat Hunting sessions
Digital Forensics Incident Response and Detection engineering: Forensic analysis of common and not-so-common artifacts. Anti-forensic techniques and detection of techniques used by malicious actors ...
Sigma detection rules for hunting with the threathunting-keywords project
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
KQL Queries. Microsoft 365 Defender, Microsoft Sentinel
Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Lua plugin to extract data from Wireshark and convert it into MISP format
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.
A script to convert a Cellebrite UFDR to the original file structure.