PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.
Updated May 15, 2024 - PowerShell
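The kind of check such a script performs, as an added example that is not the listed repository's own code: it walks four common Windows persistence locations (Run/RunOnce keys, non-Microsoft scheduled tasks, auto-start services outside the system directories, and permanent WMI event subscriptions), normalises each finding into one record, and flags commands that invoke a script host or live in a user-writable path. It assumes Windows PowerShell 5.1 or later on a host you are authorised to examine, and an elevated session so that HKLM and the root\subscription namespace are readable; the suspicious-path heuristic and the column names are this example's own choices.

```powershell
# Added example: enumerate common Windows persistence locations.
# Not the repository's own code. Assumes Windows PowerShell 5.1+ and an
# elevated session on a host you are authorised to examine.

function Get-RunKeyEntries {
    # Registry Run/RunOnce keys for the machine and the current user (T1547.001).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Drop the PSPath/PSParentPath/... properties the provider adds.
        foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' })) {
            [PSCustomObject]@{
                Source   = 'RunKey'
                Location = $key
                Name     = $name
                Command  = $props.$name
            }
        }
    }
}

function Get-ScheduledTaskEntries {
    # Scheduled tasks outside the \Microsoft\ tree, one record per action (T1053.005).
    Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
        foreach ($action in $_.Actions) {
            [PSCustomObject]@{
                Source   = 'ScheduledTask'
                Location = $_.TaskPath + $_.TaskName
                Name     = $_.Principal.UserId
                Command  = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
            }
        }
    }
}

function Get-SuspiciousServiceEntries {
    # Auto-start services whose binary is outside %SystemRoot% or Program Files (T1543.003).
    Get-CimInstance -ClassName Win32_Service | Where-Object {
        $_.StartMode -eq 'Auto' -and $_.PathName -and
        $_.PathName -notmatch '^"?[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\'
    } | ForEach-Object {
        [PSCustomObject]@{
            Source   = 'Service'
            Location = $_.Name
            Name     = $_.StartName
            Command  = $_.PathName
        }
    }
}

function Get-WmiSubscriptionEntries {
    # Permanent WMI subscriptions: resolve each filter->consumer binding to the
    # command or script the consumer would run (T1546.003).
    $ns = 'root\subscription'
    $consumers = @{}
    foreach ($c in (Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue)) {
        $consumers[$c.Name] = $c.CommandLineTemplate
    }
    foreach ($c in (Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer -ErrorAction SilentlyContinue)) {
        $consumers[$c.Name] = $c.ScriptText
    }
    Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue | ForEach-Object {
        [PSCustomObject]@{
            Source   = 'WmiSubscription'
            Location = $ns
            Name     = '{0} -> {1}' -f $_.Filter.Name, $_.Consumer.Name
            Command  = $consumers[$_.Consumer.Name]
        }
    }
}

# Collect everything, then flag script hosts and user-writable paths (heuristic
# chosen for this example; tune it to the environment).
$findings = @(Get-RunKeyEntries) + @(Get-ScheduledTaskEntries) +
            @(Get-SuspiciousServiceEntries) + @(Get-WmiSubscriptionEntries)
$findings | ForEach-Object {
    $flag = $_.Command -match '(?i)powershell|wscript|cscript|mshta|rundll32|regsvr32|\\Users\\|\\Temp\\|\\AppData\\'
    $_ | Add-Member -NotePropertyName Suspicious -NotePropertyValue $flag -PassThru
} | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt on the host under investigation (or remotely via Invoke-Command) and pipe to Export-Csv instead of Format-Table when you want to diff the output against a known-good baseline; a large number of benign entries is normal, so the Suspicious column is a triage aid, not a verdict.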
IntelOwl: manage your Threat Intelligence at scale
Extracted YARA rules from Windows Defender mpavbase and mpasbase
Sigma detection rules for hunting with the threathunting-keywords project
CLI tools for forensic investigation of Windows artifacts
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
Mantis is a forensics tool in Go leveraging utilities from Sysinternals and Nirsoft for system analysis and investigation. Automates system log retrieval, network connection and process activity analysis, autoruns configuration review and more.
Awesome list of keywords and artifacts for Threat Hunting sessions
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Collection of acquisition scripts for collecting digital forensic artefacts
YARA detection rules for hunting with the threathunting-keywords project
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
A curated list of tools for incident response. With repository stars⭐ and forks🍴
Helm charts for running open source digital forensic tools in Kubernetes