Topic: dfir Goto Github
Some thing interesting about dfir
👇 Here are 528 public repositories matching this topic...
-
0xrawsec / whids
dfir,Open Source EDR for Windows
Organization: 0xrawsec
Home Page: https://rawsec.lu
dfir threat-hunting windows ids sysmon edr -
a3sal0n / cyberthreathunting
dfir,A collection of resources for Threat Hunters - Sponsored by Falcon Guard
User: a3sal0n
Home Page: https://falconguard.cz
threat-hunting dfir cybersecurity incident-response threat-intelligence -
api0cradle / lolbas
dfir,Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
User: api0cradle
lolbins lolscripts redteam blueteam purpleteam dfir living-off-the-land -
ashemery / linuxforensics
dfir,Everything related to Linux Forensics
User: ashemery
Home Page: https://linuxdfir.ashemery.com/
linux forensics dfir digital-forensics investigations -
atc-project / atc-react
dfir,A knowledge base of actionable Incident Response techniques
Organization: atc-project
incident-response response-playbooks dfir thehive mitre-attack amitt -
bert-janp / hunting-queries-detection-rules
dfir,KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
User: bert-janp
Home Page: https://kqlquery.com
azure defender-for-endpoint dfir kql sentinel threat-hunting vulnerability-management zero-day blueteam cybersecurity -
cisagov / chirp
dfir,A DFIR tool written in Python.
Organization: cisagov
cisa python yara-python dfir cybersecurity ioc -
clong / detectionlab
dfir,Automate the creation of a lab environment complete with security tooling and logging best practices
User: clong
vagrant vagrantfile packer information-security lab-environment dfir terraform ansible powershell detection -
cugu / awesome-forensics
dfir,A curated list of awesome forensic analysis tools and resources
User: cugu
Home Page: http://cugu.github.io/awesome-forensics/
computer-forensics digital-forensics forensic-analysis dfir open-source free -
cyb3r-monk / threat-hunting-and-detection
dfir,Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
User: cyb3r-monk
threat-hunting threat-detection cybersecurity defender-for-endpoint detection-engineering dfir kql kusto-language microsoft-sentinel -
darkquasar / azurehunter
dfir,A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
User: darkquasar
azure digital-forensics cloud-forensics cybersecurity azuresearcher azforensics threat-hunting threathunting incident-response unifiedauditlog -
dfirkuiper / kuiper
dfir,Digital Forensics Investigation Platform
User: dfirkuiper
dfir security incident-response artifacts parser digital-forensics -
fox-it / dissect
dfir,Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
Organization: fox-it
Home Page: https://docs.dissect.tools/en/latest/
dfir dissect python -
-
-
inquest / threatingestor
dfir,Extract and aggregate threat intelligence.
Organization: inquest
Home Page: https://inquest.readthedocs.io/projects/threatingestor/
ioc indicators-of-compromise threatintel threat-intelligence osint dfir malware-research security-tools threat-sharing threat-feeds -
intelowlproject / intelowl
dfir,IntelOwl: manage your Threat Intelligence at scale
Organization: intelowlproject
Home Page: https://intelowlproject.github.io
security-tools python threat-intelligence ioc incident-response cyber-threat-intelligence enrichment honeynet osint osint-python -
jpcertcc / logontracer
dfir,Investigate malicious Windows logon by visualizing and analyzing Windows event log
Organization: jpcertcc
security dfir javascript visualization active-directory event-log blueteam python-3 -
lolbas-project / lolbas
dfir,Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Organization: lolbas-project
Home Page: https://lolbas-project.github.io
lolbins lolscripts redteam blueteam purpleteam dfir living-off-the-land -
lookyloo / lookyloo
dfir,Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Organization: lookyloo
Home Page: https://www.lookyloo.eu
information-security privacy web-security dfir capture scraping lookyloo -
maliceio / malice
dfir,VirusTotal Wanna Be - Now with 100% more Hipster
Organization: maliceio
malice docker malware infosec virustotal elasticsearch golang antivirus cloud cybersecurity -
matanolabs / matano
dfir,Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Organization: matanolabs
Home Page: https://matano.dev
aws cloud security big-data serverless apache-iceberg log-analytics log-management threat-hunting rust -
mattnotmax / cyberchef-recipes
dfir,A list of cyber-chef recipes and curated links
User: mattnotmax
cyberchef malware dfir incident-response data-manipulation cyberchef-recipes regular-expression -
meirwah / awesome-incident-response
dfir,A curated list of tools for incident response
User: meirwah
incident-response security cybersecurity dfir awesome-list awesome list incident-response-tooling -
mikeroyal / digital-forensics-guide
dfir,Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
User: mikeroyal
digitalforensics digitalforensicreadiness forensics security forensics-tools digital-forensics threat-intelligence intrusion-detection mitre-attack detection-engineering -
-
neo23x0 / signature-base
dfir,YARA signature and IOC database for my scanners and tools
User: neo23x0
signature yara-rules ioc scanner yara anti-virus hash threat-hunting threat-intelligence dfir -
netflix-skunkworks / diffy
dfir,:no_entry: (DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Organization: netflix-skunkworks
security dfir forensics -
obsidianforensics / hindsight
dfir,Web browser forensics for Google Chrome/Chromium
User: obsidianforensics
Home Page: https://dfir.blog/hindsight/
google-chrome hindsight chrome forensics dfir -
olafhartong / sysmon-modular
dfir,A repository of sysmon configuration modules
User: olafhartong
sysmon dfir threat-hunting mitre-attack modular security-tools -
olafhartong / threathunting
dfir,A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
User: olafhartong
splunk mitre-attack threat-hunting dfir -
otrf / threathunter-playbook
dfir,A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Organization: otrf
threat-hunting sysmon hunting-campaigns hypothesis hunting dfir hunter mitre-attack-db mitre -
purp1ew0lf / blue-team-notes
dfir,You didn't think I'd go and leave the blue team out, right?
User: purp1ew0lf
dfir powershell blueteam infosec cybersecurity -
sbousseaden / evtx-attack-samples
dfir,Windows Events Attack Samples
User: sbousseaden
Home Page: https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES
threat-hunting evtx windows-security mitre-attack detection-engineering dataset winlogbeat dfir -
security-onion-solutions / security-onion
dfir,Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Organization: security-onion-solutions
Home Page: https://securityonion.net
intrusion-detection network-security-monitoring log-management ids nsm hunting dfir -
securityjoes / masterparser
dfir,MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Organization: securityjoes
Home Page: https://github.com/YosfanEilay
dfir dfir-automation infosec ir mdr soc cyber-security powershell reporting tools -
stuhli / awesome-event-ids
dfir,Collection of Event ID ressources useful for Digital Forensics and Incident Response
User: stuhli
ir dfir digitalforensics forensics incident-response -
stuxnet999 / memlabs
dfir,Educational, CTF-styled labs for individuals interested in Memory Forensics
User: stuxnet999
forensics dfir memory-forensics windows ctf ctf-challenges digital-forensics security cybersecurity -
tclahr / uac
dfir,UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
User: tclahr
Home Page: https://tclahr.github.io/uac-docs
incident-response forensics computer-forensics triage linux aix solaris macos openbsd freebsd -
thehive-project / cortex
dfir,Cortex: a Powerful Observable Analysis and Active Response Engine
Organization: thehive-project
Home Page: https://thehive-project.org
response dfir analysis analyzer thehive engine scala python rest api -
thehive-project / thehive
dfir,TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Organization: thehive-project
Home Page: https://thehive-project.org
misp security-incidents analyzer iocs thehive digital-forensics incident-response rest api scala -
tomchop / malcom
dfir,Malcom - Malware Communications Analyzer
User: tomchop
malware network-traffic pcap threat-intelligence malware-analysis infosec dfir -
toniblyx / my-arsenal-of-aws-security-tools
dfir,List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
User: toniblyx
cloud auditing incident-response aws-inventory iam dfir cloudtrail aws-infrastructure aws-lambda security -
withsecurelabs / chainsaw
dfir,Rapidly Search and Hunt through Windows Forensic Artefacts
Organization: withsecurelabs
attack rust security threat-hunting blueteam chainsaw detection dfir forensics logs -
-
-
yampelo / beagle
dfir,Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
User: yampelo
security digital-forensics incident-response graph dfir forensic-analysis threat-hunting -
-
yeti-platform / yeti
dfir,Your Everyday Threat Intelligence
Organization: yeti-platform
Home Page: https://yeti-platform.io/
infosec threatintel threat-sharing threat-hunting enrichment intelligence dfir -
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.