Trending repositories for topic dfir
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
A curated list of tools for incident response
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
⭐️ A curated list of awesome forensic analysis tools and resources
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Automate the creation of a lab environment complete with security tooling and logging best practices
Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Cortex: a Powerful Observable Analysis and Active Response Engine
Provides various Windows Server Active Directory (AD) security-focused reports.
Web browser forensics for Google Chrome/Chromium
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part ...
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix...
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
(Sometimes partial) Python re-implementations of the technologies involved in reading various data sources in Chrome-esque applications.
Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress!
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective eff...
Rapidly Search and Hunt through Windows Forensic Artefacts
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
KQL Queries. Microsoft Defender, Microsoft Sentinel
This is a repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.
A config file that's curated for DFIR examiners with shortcuts to common Windows artifacts and settings enabled that help make your life easier with various file management tasks.
FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates timelines, and detects suspicious activities.
Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
YARA detection rules for hunting with the threathunting-keywords project
LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. This project gathers procedural examples from public reports of ...
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
Helm charts for running open source digital forensic tools in Kubernetes
Awesome list of keywords and artifacts for Threat Hunting sessions
A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts
Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shel...