Trending repositories for topic dfir
A curated list of tools for incident response
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Rapidly Search and Hunt through Windows Forensic Artefacts
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective eff...
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
Awesome list of keywords and artifacts for Threat Hunting sessions
Warning lists to inform users of MISP about potential false-positives or other information in indicators
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD an...
Cortex: a Powerful Observable Analysis and Active Response Engine
Educational, CTF-styled labs for individuals interested in Memory Forensics
⭐️ A curated list of awesome forensic analysis tools and resources
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Investigate malicious Windows logon by visualizing and analyzing Windows event log
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
This is a repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.
TRACE is a digital forensic analysis tool that provides a user-friendly interface for investigating disk images.
(Sometimes partial) Python re-implementations of the technologies involved in reading various data sources in Chrome-esque applications.
⚡️ Catalyst is a self-hosted, open source incident response platform and ticket system that helps to automate alert handling and incident response processes
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. This project gathers procedural examples from public reports of ...
yara detection rules for hunting with the threathunting-keywords project
Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress!
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
Graphical interface for the forensic logical acquisition of Mac computers
Helm charts for running open source digital forensic tools in Kubernetes
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Automate the creation of a lab environment complete with security tooling and logging best practices
A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (where did you come from, where did you go) in security incidents and threat hunts.
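The two logon-analysis entries above (the Windows logon investigator and the "Cotton Eye Joe" logon filter) describe the same core task: keep only the successful logon events that say a human account arrived at a host, drop the noise, then order them in time so that each hop's source is compared with the hosts the account had already landed on. The script below is an added illustration of that workflow, written for this page and not taken from either project. It works on constructed Security 4624/4625 records flattened to dicts with the EventData field names (`TargetUserName`, `LogonType`, `IpAddress`, `WorkstationName`) plus `Computer` and `TimeCreated`; the hostnames, IPs and timestamps are invented sample data.

```python
"""Filter Windows 4624 logon events and rebuild where an account came from and
where it went next. Added example for this page; not code from any listed project."""
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample events (invented hosts, IPs and times), deliberately out of
# time order and mixed with the noise a real Security log carries.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 4624, "TimeCreated": "2024-05-01T08:30:00", "Computer": "DC01.corp.local",
     "TargetUserName": "alice", "LogonType": 10, "IpAddress": "10.0.0.20", "WorkstationName": "FS01"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T08:00:00", "Computer": "WS01.corp.local",
     "TargetUserName": "alice", "LogonType": 2, "IpAddress": "-", "WorkstationName": "WS01"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T08:01:00", "Computer": "WS01.corp.local",
     "TargetUserName": "WS01$", "LogonType": 5, "IpAddress": "-", "WorkstationName": "-"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T08:15:00", "Computer": "FS01.corp.local",
     "TargetUserName": "alice", "LogonType": 3, "IpAddress": "10.0.0.11", "WorkstationName": "WS01"},
    {"EventID": 4625, "TimeCreated": "2024-05-01T08:16:00", "Computer": "FS01.corp.local",
     "TargetUserName": "alice", "LogonType": 3, "IpAddress": "10.0.0.11", "WorkstationName": "WS01"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T08:20:00", "Computer": "FS01.corp.local",
     "TargetUserName": "alice", "LogonType": 3, "IpAddress": "127.0.0.1", "WorkstationName": "FS01"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T09:00:00", "Computer": "WS02.corp.local",
     "TargetUserName": "bob", "LogonType": 2, "IpAddress": "-", "WorkstationName": "WS02"},
]

# Logon types 4 (batch) and 5 (service) are scheduled tasks and services, not a
# person arriving at a host, so they are excluded from the trail.
NOISE_LOGON_TYPES = {4, 5}
LOGON_TYPE_NAMES = {2: "interactive", 3: "network", 7: "unlock",
                    10: "remote interactive", 11: "cached interactive"}


def is_relevant(ev: Dict) -> bool:
    """Keep successful logons (4624) of non-machine accounts that are not loopback noise."""
    if ev.get("EventID") != 4624:
        return False
    if ev["LogonType"] in NOISE_LOGON_TYPES:
        return False
    if ev["TargetUserName"].endswith("$"):           # computer accounts
        return False
    if ev["IpAddress"] in ("127.0.0.1", "::1"):      # local network logons to itself
        return False
    return True


def logon_trail(events: List[Dict], user: str) -> List[Dict]:
    """Time-ordered hops (source host/IP -> destination host) for one account."""
    relevant = [e for e in events
                if is_relevant(e) and e["TargetUserName"].lower() == user.lower()]
    relevant.sort(key=lambda e: datetime.fromisoformat(e["TimeCreated"]))
    trail = []
    for e in relevant:
        from_host: Optional[str] = (e["WorkstationName"].upper()
                                    if e["WorkstationName"] != "-" else None)
        trail.append({
            "time": e["TimeCreated"],
            "from_host": from_host,
            "from_ip": e["IpAddress"] if e["IpAddress"] != "-" else None,
            "to_host": e["Computer"].split(".")[0].upper(),   # short hostname
            "logon_type": e["LogonType"],
        })
    return trail


def lateral_moves(trail: List[Dict]) -> List[Tuple[str, str, int]]:
    """Hops whose source is a host the account had already logged on to earlier."""
    seen = set()
    moves = []
    for hop in trail:
        src, dst = hop["from_host"], hop["to_host"]
        if src and src in seen and src != dst:
            moves.append((src, dst, hop["logon_type"]))
        seen.add(dst)
    return moves


if __name__ == "__main__":
    trail = logon_trail(SAMPLE_EVENTS, "alice")
    for hop in trail:
        print(f'{hop["time"]}  {hop["from_host"] or hop["from_ip"]:>10} -> {hop["to_host"]:<5} '
              f'({LOGON_TYPE_NAMES.get(hop["logon_type"], hop["logon_type"])})')
    for src, dst, lt in lateral_moves(trail):
        print(f"lateral move: {src} -> {dst} via logon type {lt}")
```

The filtering choices are the part worth adapting: which logon types count as noise, and whether loopback and machine-account logons are dropped, depend on what the question is. A hunt for a service account abusing scheduled tasks would keep type 4 and 5 events that this trail discards.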
A DFIR automation for collecting and analyzing evidence, designed for cybersecurity professionals.
Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indicator matches.
KQL Queries. Microsoft Defender, Microsoft Sentinel
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
A curated list of tools for incident response. With repository stars⭐ and forks🍴
Sigma detection rules for hunting with the threathunting-keywords project