DFIR LABS - A compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital Forensics, Incident Response, Malware Analysis and Threat Hunting.
☆428Nov 28, 2025Updated 3 months ago
Alternatives and similar repositories for DFIR-LABS
Users that are interested in DFIR-LABS are comparing it to the libraries listed below
Sorting:
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!☆461Aug 13, 2024Updated last year
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…☆277Dec 20, 2025Updated 2 months ago
- Contains compiled binaries of Volatility☆36May 18, 2025Updated 9 months ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆577Dec 6, 2025Updated 3 months ago
- Free hands-on digital forensics labs for students and faculty☆2,518Updated this week
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆89Feb 9, 2025Updated last year
- This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom …☆1,049Feb 26, 2026Updated last week
- Practical Windows Forensics Training☆749Feb 16, 2026Updated 3 weeks ago
- A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight,…☆38Oct 24, 2025Updated 4 months ago
- PowerShell tools to help defenders hunt smarter, hunt harder.☆473Oct 29, 2025Updated 4 months ago
- ☆24Mar 12, 2025Updated 11 months ago
- PowerShell Digital Forensics & Incident Response Scripts.☆772Jan 14, 2026Updated last month
- Documentation and scripts to properly enable Windows event logs.☆673Oct 3, 2025Updated 5 months ago
- CLI tools for forensic investigation of Windows artifacts☆349Jul 21, 2025Updated 7 months ago
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …☆432Feb 18, 2026Updated 2 weeks ago
- ☆70Feb 15, 2026Updated 3 weeks ago
- A resource containing all the tools each ransomware gangs uses☆1,332Dec 24, 2025Updated 2 months ago
- Multi-agent AI system using GPT-4o, DeepSeek v3, and Llama 3.3 to detect if CVE vulnerabilities were exploited as zero-days. Analyzes…☆20Feb 13, 2026Updated 3 weeks ago
- Command and Control Framework using powershell implants☆36Jun 17, 2025Updated 8 months ago
- ShellSweeping the evil.☆181Nov 25, 2024Updated last year
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆646Nov 7, 2025Updated 4 months ago
- A centralized and enhanced memory analysis platform☆520Jul 13, 2025Updated 7 months ago
- ☆15May 3, 2024Updated last year
- MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs☆757Feb 1, 2026Updated last month
- Search Index Database Reporter☆131Oct 28, 2025Updated 4 months ago
- A curated list of awesome Memory Forensics for DFIR☆526Feb 19, 2025Updated last year
- PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection…☆726Feb 14, 2026Updated 3 weeks ago
- Lena's scripts/code/resources for malware analysis☆26Jun 13, 2024Updated last year
- A repository of credential stealer formats☆250Jun 10, 2025Updated 8 months ago
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac…☆151Sep 21, 2024Updated last year
- Awesome list of keywords and artifacts for Threat Hunting sessions☆641Aug 4, 2025Updated 7 months ago
- yara detection rules for hunting with the threathunting-keywords project☆157May 11, 2025Updated 9 months ago
- Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports☆155Updated this week
- ☆35Jan 27, 2025Updated last year
- KQL Queries. Microsoft Defender, Microsoft Sentinel☆834Updated this week
- Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of…☆507Aug 14, 2025Updated 6 months ago
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters …☆303Updated this week
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆43Jul 18, 2022Updated 3 years ago