Trending repositories for topic dfir
Investigate malicious Windows logon by visualizing and analyzing Windows event log
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Rapidly Search and Hunt through Windows Forensic Artefacts
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
A curated list of tools for incident response
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
⭐️ A curated list of awesome forensic analysis tools and resources
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective eff...
A knowledge base of actionable Incident Response techniques
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Educational, CTF-styled labs for individuals interested in Memory Forensics
Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective eff...
Investigate malicious Windows logon by visualizing and analyzing Windows event log
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Web browser forensics for Google Chrome/Chromium
A knowledge base of actionable Incident Response techniques
Rapidly Search and Hunt through Windows Forensic Artefacts
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Educational, CTF-styled labs for individuals interested in Memory Forensics
⭐️ A curated list of awesome forensic analysis tools and resources
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Investigate malicious Windows logon by visualizing and analyzing Windows event log
Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's
A curated list of tools for incident response
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Rapidly Search and Hunt through Windows Forensic Artefacts
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifacts...
Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective eff...
(Sometimes partial) Python re-implementations of the technologies involved in reading various data sources in Chrome-esque applications.
Investigate malicious Windows logon by visualizing and analyzing Windows event log
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifacts...
The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out there, ...
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!
Rapidly Search and Hunt through Windows Forensic Artefacts
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Web browser forensics for Google Chrome/Chromium
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
A curated list of tools for incident response
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Rapidly Search and Hunt through Windows Forensic Artefacts
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Investigate malicious Windows logon by visualizing and analyzing Windows event log
⭐️ A curated list of awesome forensic analysis tools and resources
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's
TRACE is a digital forensic analysis tool that provides a user-friendly interface for investigating disk images.
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!
Graphical interface for the forensic logical acquisition of Mac computers
Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in this exciting journey and add your expertise to our collective eff...
Awesome list of keywords and artifacts for Threat Hunting sessions
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Documentation and scripts to properly enable Windows event logs.
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD an...
LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. This project gathers procedural examples from public reports of ...
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
A curated list of tools for incident response
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
⭐️ A curated list of awesome forensic analysis tools and resources
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Rapidly Search and Hunt through Windows Forensic Artefacts
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD an...
A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you come from where did you go) in Security Incidents and Threat Hunts
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. This project gathers procedural examples from public reports of ...
This is a repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.
yara detection rules for hunting with the threathunting-keywords project
Graphical interface for the forensic logical acquisition of Mac computers
Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indicator matches.
KQL Queries. Microsoft Defender, Microsoft Sentinel
Helm charts for running open source digital forensic tools in Kubernetes
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
Awesome list of keywords and artifacts for Threat Hunting sessions
A curated list of tools for incident response. With repository stars⭐ and forks🍴
