Stars
DNS-Blocklists: For a better internet - keep the internet clean!
Adversary tradecraft detection, protection, and hunting
Hunt the Windows Registry automatically using VQL
ESE is an embedded / ISAM-based database engine that provides rudimentary table and indexed access. However, the library provides many other strongly layered and thus reusable sub-facilities as…
A Go implementation and parser for Sigma rules.
Simple (relatively) things allowing you to dig a bit deeper than usual.
go-audit is an alternative to the auditd daemon that ships with many distros
ZincSearch. A lightweight alternative to Elasticsearch that requires minimal resources, written in Go.
Techniques and numbers for estimating a system's performance from first principles
The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifact validation processes as well as increase access to artifa…
Sysmon event simulation utility which can be used to simulate attacks and generate Sysmon event logs, for testing EDR detections and correlation rules by blue teams.
Load any Beacon Object File using Powershell!
2021 Velociraptor Contributor Competition Entry
A Go library to apply RFC6902 patches and create and apply RFC7386 patches
ELF file viewer/editor for Windows, Linux and MacOS.
A repository of DFIR-related Mind Maps geared towards the visual learners!
Neo23x0 / sysmon-config
Forked from SwiftOnSecurity/sysmon-config. Sysmon configuration file template with default high-quality event tracing
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
The TpmTool utility is a simple cross-platform tool for accessing TPM2.0 Non-Volatile (NV) Spaces (Index Values) on compliant systems, with zero dependencies on any TPM2.0 stack. It provides the ab…