Topic: dfir Goto Github

👇 Here are 513 public repositories matching this topic...

0xrawsec / whids
dfir,Open Source EDR for Windows
Organization: 0xrawsec
Home Page: https://rawsec.lu
dfir threat-hunting windows ids sysmon edr

a3sal0n / cyberthreathunting
dfir,A collection of resources for Threat Hunters - Sponsored by Falcon Guard
User: a3sal0n
Home Page: https://falconguard.cz
threat-hunting dfir cybersecurity incident-response threat-intelligence

andrewrathbun / dfirartifactmuseum
dfir,The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available anymore.
User: andrewrathbun
dfir artifacts-repository windows linux ios android macos

api0cradle / lolbas
dfir,Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
User: api0cradle
lolbins lolscripts redteam blueteam purpleteam dfir living-off-the-land

ashemery / linuxforensics
dfir,Everything related to Linux Forensics
User: ashemery
Home Page: https://linuxdfir.ashemery.com/
linux forensics dfir digital-forensics investigations

atc-project / atc-react
dfir,A knowledge base of actionable Incident Response techniques
Organization: atc-project
incident-response response-playbooks dfir thehive mitre-attack amitt

bert-janp / hunting-queries-detection-rules
dfir,KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
User: bert-janp
Home Page: https://kqlquery.com
azure defender-for-endpoint dfir kql sentinel threat-hunting vulnerability-management zero-day blueteam cybersecurity

cisagov / chirp
dfir,A DFIR tool written in Python.
Organization: cisagov
cisa python yara-python dfir cybersecurity ioc

clong / detectionlab
dfir,Automate the creation of a lab environment complete with security tooling and logging best practices
User: clong
vagrant vagrantfile packer information-security lab-environment dfir terraform ansible powershell detection

cugu / awesome-forensics
dfir,A curated list of awesome forensic analysis tools and resources
User: cugu
Home Page: http://cugu.github.io/awesome-forensics/
computer-forensics dfir digital-forensics forensic-analysis free open-source

cyb3r-monk / threat-hunting-and-detection
dfir,Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
User: cyb3r-monk
threat-hunting threat-detection cybersecurity defender-for-endpoint detection-engineering dfir kql kusto-language microsoft-sentinel

darkquasar / azurehunter
dfir,A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
User: darkquasar
azforensics azure azure-forensics azuresearcher cloud-forensics cybersecurity dfir digital-forensics incident-response powershellv5 threat-hunting threathunting unifiedauditlog

dfirkuiper / kuiper
dfir,Digital Forensics Investigation Platform
User: dfirkuiper
dfir security incident-response artifacts parser digital-forensics

fox-it / dissect
dfir,Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
Organization: fox-it
Home Page: https://docs.dissect.tools/en/latest/
dfir dissect python

google / timesketch
dfir,Collaborative forensic timeline analysis
Organization: google
forensics dfir security timeline analysis

google / turbinia
dfir,Automation and Scaling of Digital Forensics Tools
Organization: google
forensics dfir security security-automation cloud

inquest / threatingestor
dfir,Extract and aggregate threat intelligence.
Organization: inquest
Home Page: https://inquest.readthedocs.io/projects/threatingestor/
ioc indicators-of-compromise threatintel threat-intelligence osint dfir malware-research security-tools threat-sharing threat-feeds

intelowlproject / intelowl
dfir,IntelOwl: manage your Threat Intelligence at scale
Organization: intelowlproject
Home Page: https://intelowlproject.github.io
security-tools python threat-intelligence ioc incident-response cyber-threat-intelligence enrichment honeynet osint osint-python

jpcertcc / logontracer
dfir,Investigate malicious Windows logon by visualizing and analyzing Windows event log
Organization: jpcertcc
active-directory blueteam dfir event-log javascript python-3 security visualization

lolbas-project / lolbas
dfir,Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Organization: lolbas-project
Home Page: https://lolbas-project.github.io
lolbins lolscripts redteam blueteam purpleteam dfir living-off-the-land

lookyloo / lookyloo
dfir,Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Organization: lookyloo
Home Page: https://www.lookyloo.eu
information-security privacy web-security dfir capture scraping lookyloo

maliceio / malice
dfir,VirusTotal Wanna Be - Now with 100% more Hipster
Organization: maliceio
malice docker malware infosec virustotal elasticsearch golang antivirus cloud cybersecurity

matanolabs / matano
dfir,Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Organization: matanolabs
Home Page: https://matano.dev
aws cloud security big-data serverless apache-iceberg log-analytics log-management threat-hunting rust

mattnotmax / cyberchef-recipes
dfir,A list of cyber-chef recipes and curated links
User: mattnotmax
cyberchef malware dfir incident-response data-manipulation cyberchef-recipes regular-expression

meirwah / awesome-incident-response
dfir,A curated list of tools for incident response
User: meirwah
incident-response security cybersecurity dfir awesome-list awesome list incident-response-tooling

mikeroyal / digital-forensics-guide
dfir,Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
User: mikeroyal
digitalforensics digitalforensicreadiness forensics security forensics-tools digital-forensics threat-intelligence intrusion-detection mitre-attack detection-engineering

neo23x0 / loki
dfir,Loki - Simple IOC and YARA Scanner
User: neo23x0
Home Page: https://www.nextron-systems.com/compare-our-scanners/
python yara signature scanner ioc otx antivirus hash yara-rules dfir

neo23x0 / signature-base
dfir,YARA signature and IOC database for my scanners and tools
User: neo23x0
signature yara-rules ioc scanner yara anti-virus hash threat-hunting threat-intelligence dfir

netflix-skunkworks / diffy
dfir,:no_entry: (DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Organization: netflix-skunkworks
dfir forensics security

obsidianforensics / hindsight
dfir,Web browser forensics for Google Chrome/Chromium
User: obsidianforensics
Home Page: https://dfir.blog/hindsight/
google-chrome hindsight chrome forensics dfir

olafhartong / sysmon-modular
dfir,A repository of sysmon configuration modules
User: olafhartong
sysmon dfir threat-hunting mitre-attack modular security-tools

olafhartong / threathunting
dfir,A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
User: olafhartong
splunk mitre-attack threat-hunting dfir

otrf / threathunter-playbook
dfir,A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Organization: otrf
threat-hunting sysmon hunting-campaigns hypothesis hunting dfir hunter mitre-attack-db mitre

purp1ew0lf / blue-team-notes
dfir,You didn't think I'd go and leave the blue team out, right?
User: purp1ew0lf
dfir powershell blueteam infosec cybersecurity

sbousseaden / evtx-attack-samples
dfir,Windows Events Attack Samples
User: sbousseaden
Home Page: https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES
threat-hunting evtx windows-security mitre-attack detection-engineering dataset winlogbeat dfir

security-onion-solutions / security-onion
dfir,Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Organization: security-onion-solutions
Home Page: https://securityonion.net
intrusion-detection network-security-monitoring log-management ids nsm hunting dfir

stuhli / awesome-event-ids
dfir,Collection of Event ID ressources useful for Digital Forensics and Incident Response
User: stuhli
ir dfir digitalforensics forensics incident-response

stuxnet999 / memlabs
dfir,Educational, CTF-styled labs for individuals interested in Memory Forensics
User: stuxnet999
forensics dfir memory-forensics windows ctf ctf-challenges digital-forensics security cybersecurity

tclahr / uac
dfir,UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
User: tclahr
Home Page: https://tclahr.github.io/uac-docs
incident-response forensics computer-forensics triage linux aix solaris macos openbsd freebsd

thehive-project / cortex
dfir,Cortex: a Powerful Observable Analysis and Active Response Engine
Organization: thehive-project
Home Page: https://thehive-project.org
analysis analyzer api cortex cyber-threat-intelligence dfir digital-forensics engine free free-software incident-response iocs observable open-source python response rest scala security-incidents thehive

thehive-project / thehive
dfir,TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Organization: thehive-project
Home Page: https://thehive-project.org
misp security-incidents analyzer iocs thehive digital-forensics incident-response rest api scala

tomchop / malcom
dfir,Malcom - Malware Communications Analyzer
User: tomchop
malware network-traffic pcap threat-intelligence malware-analysis infosec dfir

toniblyx / my-arsenal-of-aws-security-tools
dfir,List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
User: toniblyx
cloud auditing incident-response aws-inventory iam dfir cloudtrail aws-infrastructure aws-lambda security

withsecurelabs / chainsaw
dfir,Rapidly Search and Hunt through Windows Forensic Artefacts
Organization: withsecurelabs
attack rust security threat-hunting blueteam chainsaw detection dfir forensics logs sigma windows countercept

yamato-security / hayabusa
dfir,Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Organization: yamato-security
attack cybersecurity detection dfir event forensics hayabusa hunting incident incident-response logs response rust security security-automation sigma threat threat-hunting windows yamato

yamato-security / wela
dfir,WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）
Organization: yamato-security
dfir log analysis forensics incident response sigma windows event logs

yampelo / beagle
dfir,Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
User: yampelo
security digital-forensics incident-response graph dfir forensic-analysis threat-hunting

ydkhatri / mac_apt
dfir,macOS (& ios) Artifact Parsing Tool
User: ydkhatri
Home Page: https://swiftforensics.com
dfir forensics macos

yeti-platform / yeti
dfir,Your Everyday Threat Intelligence
Organization: yeti-platform
Home Page: https://yeti-platform.io/
infosec threatintel threat-sharing threat-hunting enrichment intelligence dfir

zeek / zeek
dfir,Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Organization: zeek
Home Page: https://www.zeek.org
bro network-monitoring pcap security nsm dfir zeek