dfir
Here are 557 public repositories matching this topic...
🏴☠️ BST is an ever-evolving collection of 🛠 tools to help in security and administration day to day tasks 😉
Updated May 29, 2024 - Python
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Updated May 28, 2024 - Rust
Forensic Artifacts Collecting Toolset
Updated May 28, 2024 - Go
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Updated May 28, 2024 - Python
Your Everyday Threat Intelligence
Updated May 28, 2024 - Python
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Updated May 28, 2024 - Shell
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Updated May 28, 2024 - PowerShell
Warning lists to inform users of MISP about potential false-positives or other information in indicators
Updated May 28, 2024 - Python
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Updated May 28, 2024 - Python
A curated list of tools for incident response. With repository stars⭐ and forks🍴
Updated May 28, 2024
IntelOwl: manage your Threat Intelligence at scale
Updated May 28, 2024 - Python
A cross platform forensic parser written in Rust!
Updated May 29, 2024 - Rust
Cryptocurrency Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!
Updated May 27, 2024 - Python
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.
Updated May 27, 2024 - Python
Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
Updated May 27, 2024 - C++