Stars
Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀
PowerShell tools to help defenders hunt smarter, hunt harder.
Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration).
Utility to decompress Linux swsusp hibernation file.
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
MBCProject / capa-rules-1
Forked from mandiant/capa-rules. Standard collection of rules for capa: the tool for enumerating the capabilities of programs
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Script for automating Linux memory capture and analysis
Analyze PDFs. With colors. And Yara.
Visually inspect and force decode YARA and regex matches found in both binary and text data. With Colors.
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
A Python script to turn Ubuntu Desktop into a one-stop security platform. The InfoSec Fortress installs the packages, tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive …
darrenbilby / timesketch
Forked from google/timesketch. Collaborative forensics timeline analysis
The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out ther…
The FLARE team's open-source tool to identify capabilities in executable files.
Public tools, scripts or code snippets that can help when working with our products
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin dete…
Impacket is a collection of Python classes for working with network protocols.
YARA signature and IOC database for my scanners and tools
Educational, CTF-styled labs for individuals interested in Memory Forensics
Windows privilege escalation (enumeration) script designed with OSCP labs (legacy Windows) in mind