Alternatives and similar repositories for SANSTHS2021

Users that are interested in SANSTHS2021 are comparing it to the libraries listed below

• n3l5 / irMempull

  View on GitHub
  PowerShell Memory Pulling script
  ☆19Mar 24, 2015Updated 10 years ago
• dwmetz / PSHero

  View on GitHub
  PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
  ☆36Jul 11, 2023Updated 2 years ago
• elastic / sans-dfir-2022

  View on GitHub
  Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"
  ☆11Feb 6, 2025Updated last year
• dfir-scripts / EverReady-Disk-Mount

  View on GitHub
  Disk Image Mounting Script
  ☆11Jan 22, 2026Updated 3 weeks ago
• mandiant / rvmi-qemu

  View on GitHub
  QEMU with rVMI extensions
  ☆25Jul 25, 2017Updated 8 years ago
• WithSecureLabs / FLAIR

  View on GitHub
  F-Secure Lightweight Acqusition for Incident Response (FLAIR)
  ☆16Jul 5, 2021Updated 4 years ago
• dfirlabs / ntfs-specimens

  View on GitHub
  NTFS file system specimens
  ☆13Jul 3, 2023Updated 2 years ago
• opencybersecurityalliance / kestrel-huntbook

  View on GitHub
  This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)
  ☆37Jan 2, 2024Updated 2 years ago
• gertjanbruggink / presentations

  View on GitHub
  This directory contains presentations and related materials of my speaking engagements. I also use this to record historical presentation…
  ☆17Feb 13, 2025Updated last year
• capesstack / capes-docker

  View on GitHub
  Cyber Analytics Platform and Examination System (CAPES) Project Page
  ☆14Feb 1, 2022Updated 4 years ago
• mvelazc0 / Talks-Presentations

  View on GitHub
  Resource links (video, slides & code) for my conference talks | presentations | workshops
  ☆21Nov 17, 2025Updated 2 months ago
• e-sterling / Nmap-Scan.PS1

  View on GitHub
  PowerShell wrapper for nmap, allows easy scanning of many hosts and subnets
  ☆15Apr 1, 2018Updated 7 years ago
• austinsonger / Elastic-Security

  View on GitHub
  Repo for Automations and other solutions for Elastic SIEM/Security.
  ☆18Jun 15, 2021Updated 4 years ago
• outflanknl / RedFile

  View on GitHub
  Serving files with conditions, serverside keying and more.
  ☆18May 26, 2022Updated 3 years ago
• cisagov / gatherer

  View on GitHub
  Gather domains as a precursor to scanning
  ☆20Updated this week
• s0lari / Decoy-sploit

  View on GitHub
  Bunch of honey related items that spoof/decoy powersploit functions.
  ☆18Apr 23, 2020Updated 5 years ago
• 0xtf / HAMISPA

  View on GitHub
  Notes for High Availability MISP in AWS
  ☆19Nov 6, 2019Updated 6 years ago
• hardwaterhacker / scandiff

  View on GitHub
  Scandiff is a PowerShell script to automate host discovery and scanning with nmap. After discovering and scanning hosts, scandiff perfor…
  ☆17Oct 29, 2014Updated 11 years ago
• rinure-msft / Azure-Sentinel

  View on GitHub
  Cloud-native SIEM for intelligent security analytics for your entire enterprise.
  ☆20Apr 4, 2023Updated 2 years ago
• mandiant / rvmi-kvm

  View on GitHub
  Linux-KVM with rVMI extensions
  ☆22Aug 28, 2017Updated 8 years ago
• brimorlabs / KStrike

  View on GitHub
  Stand-alone parser for User Access Logging from Server 2012 and newer systems
  ☆78Jan 9, 2024Updated 2 years ago
• WithSecureLabs / lazarus-sigma-rules

  View on GitHub
  ☆19Oct 23, 2020Updated 5 years ago
• bluemountaincyber / evidence-app

  View on GitHub
  Serverless AWS application to upload and hash evidence files.
  ☆23Oct 26, 2022Updated 3 years ago
• 00010111 / gMetaDataParse

  View on GitHub
  ☆24Mar 12, 2025Updated 11 months ago
• tomwechsler / Microsoft_365_Enterprise_Mobility_Security

  View on GitHub
  All about Microsoft 365 Enterprise Mobility + Security (EMS)
  ☆25Dec 3, 2023Updated 2 years ago
• adityaks / strafer

  View on GitHub
  Strafer: A tool to detect potential infections in Elasticsearch instances
  ☆27Mar 14, 2021Updated 4 years ago
• murchisd / splunk_pstree_app

  View on GitHub
  Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
  ☆24Mar 3, 2023Updated 2 years ago
• DefensiveOrigins / APTv4_Defcon28

  View on GitHub
  Defcon 28 - Red Team Village - Applied Purple Teaming - Why Can't We Be Friends
  ☆26Aug 9, 2020Updated 5 years ago
• aboutsecurity / Talks-and-Presentations

  View on GitHub
  Slides and Other Resources from my latest Talks and Presentations
  ☆24Sep 17, 2025Updated 4 months ago
• brandonscholet / wappybird

  View on GitHub
  Wappalyzer CLI tool to find Web Technologies
  ☆61Oct 6, 2023Updated 2 years ago
• thewhiteninja / deobshell

  View on GitHub
  Powershell script deobfuscation using AST in Python
  ☆73Sep 20, 2025Updated 4 months ago
• iomoath / FileWatchTower

  View on GitHub
  FWT is a security analysis and file monitoring tool that utilizes Sysmon events.
  ☆28Jul 15, 2024Updated last year
• dfir-ronin / APT-OpenIOC-Detection-Rules

  View on GitHub
  This repository contains OpenIOC rules to aid in hunting for indicators of compromise and TTPs focused on Advanced Persistent Threat grou…
  ☆26Oct 3, 2023Updated 2 years ago
• vadim-hunter / Detection-Ideas-Rules

  View on GitHub
  Detection Ideas & Rules repository.
  ☆178Sep 10, 2021Updated 4 years ago
• JPCERTCC / ToolAnalysisResultSheet

  View on GitHub
  Tool Analysis Result Sheet
  ☆356Dec 4, 2017Updated 8 years ago
• BinaryDefense / beacon-fronting

  View on GitHub
  A simple command line program to help defender test their detections for network beacon patterns and domain fronting
  ☆70Feb 3, 2022Updated 4 years ago
• RedSiege / ProxmarkWrapper

  View on GitHub
  A wrapper around the Proxmark3 client that will alert the user of specific events
  ☆30Dec 13, 2020Updated 5 years ago
• HASecuritySolutions / Presentations

  View on GitHub
  ☆134Mar 21, 2024Updated last year
• invictus-ir / Blue-team-app-Office-365-and-Azure

  View on GitHub
  ☆73Oct 21, 2024Updated last year