Detectionlab: Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+3578.41%)
Mutual labels: dfir, dfir-automation
hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Stars: ✭ 43 (-51.14%)
Mutual labels: dfir, dfir-automation
github-watchman: Monitoring GitHub for sensitive data shared publicly
Stars: ✭ 60 (-31.82%)
Mutual labels: blue-team, purpleteam
Lolbas: Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 3,810 (+4229.55%)
Mutual labels: dfir, purpleteam
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-52.27%)
Mutual labels: dfir, purpleteam
Lolbas: Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 1,506 (+1611.36%)
Mutual labels: dfir, purpleteam
Cortex Analyzers: Cortex Analyzers Repository
Stars: ✭ 246 (+179.55%)
Mutual labels: dfir
Blue-Baron: Automate creating resilient, disposable, secure and agile monitoring infrastructure for Blue Teams.
Stars: ✭ 23 (-73.86%)
Mutual labels: blue-team
Vast: 🔮 Visibility Across Space and Time
Stars: ✭ 227 (+157.95%)
Mutual labels: dfir
Atc React: A knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (+156.82%)
Mutual labels: dfir
cytrone: CyTrONE: Integrated Cybersecurity Training Framework
Stars: ✭ 72 (-18.18%)
Mutual labels: cyber-range
Packrat: Live system forensic collector
Stars: ✭ 16 (-81.82%)
Mutual labels: dfir
TheHiveHooks: This is a python tool aiming to make using TheHive webhooks easier.
Stars: ✭ 22 (-75%)
Mutual labels: dfir
Dfirtrack: DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+163.64%)
Mutual labels: dfir
Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+3171.59%)
Mutual labels: dfir
EventTranscript.db-Research: A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Stars: ✭ 33 (-62.5%)
Mutual labels: dfir
ezEmu: See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)
Stars: ✭ 89 (+1.14%)
Mutual labels: purpleteam
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-48.86%)
Mutual labels: dfir
assisted-log-enabler-for-aws: Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.
Stars: ✭ 167 (+89.77%)
Mutual labels: blue-team