Azr43lKn1ght / DFIR-LABSView external linksLinks
DFIR LABS - A compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital Forensics, Incident Response, Malware Analysis and Threat Hunting.
☆426Nov 28, 2025Updated 2 months ago
Alternatives and similar repositories for DFIR-LABS
Users that are interested in DFIR-LABS are comparing it to the libraries listed below
Sorting:
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!☆460Aug 13, 2024Updated last year
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…☆277Dec 20, 2025Updated last month
- Contains compiled binaries of Volatility☆36May 18, 2025Updated 8 months ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆574Dec 6, 2025Updated 2 months ago
- Free hands-on digital forensics labs for students and faculty☆2,422Feb 10, 2026Updated last week
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆89Feb 9, 2025Updated last year
- This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom …☆1,036Jan 11, 2026Updated last month
- Practical Windows Forensics Training☆740Updated this week
- A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight,…☆33Oct 24, 2025Updated 3 months ago
- PowerShell tools to help defenders hunt smarter, hunt harder.☆457Oct 29, 2025Updated 3 months ago
- ☆24Mar 12, 2025Updated 11 months ago
- PowerShell Digital Forensics & Incident Response Scripts.☆766Jan 14, 2026Updated last month
- Documentation and scripts to properly enable Windows event logs.☆672Oct 3, 2025Updated 4 months ago
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …☆421Aug 10, 2025Updated 6 months ago
- CLI tools for forensic investigation of Windows artifacts☆349Jul 21, 2025Updated 6 months ago
- ☆68Nov 25, 2025Updated 2 months ago
- A resource containing all the tools each ransomware gangs uses☆1,327Dec 24, 2025Updated last month
- Multi-agent AI system using GPT-4o, DeepSeek v3, and Llama 3.3 to detect if CVE vulnerabilities were exploited as zero-days. Analyzes…☆19Updated this week
- Command and Control Framework using powershell implants☆36Jun 17, 2025Updated 7 months ago
- ShellSweeping the evil.☆181Nov 25, 2024Updated last year
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.☆3,020Updated this week
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆645Nov 7, 2025Updated 3 months ago
- A centralized and enhanced memory analysis platform☆519Jul 13, 2025Updated 7 months ago
- ☆15May 3, 2024Updated last year
- MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs☆754Feb 1, 2026Updated 2 weeks ago
- Search Index Database Reporter☆131Oct 28, 2025Updated 3 months ago
- A curated list of awesome Memory Forensics for DFIR☆521Feb 19, 2025Updated 11 months ago
- PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection…☆725Updated this week
- Lena's scripts/code/resources for malware analysis☆26Jun 13, 2024Updated last year
- A repository of credential stealer formats☆244Jun 10, 2025Updated 8 months ago
- Awesome list of keywords and artifacts for Threat Hunting sessions☆633Aug 4, 2025Updated 6 months ago
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac…☆151Sep 21, 2024Updated last year
- yara detection rules for hunting with the threathunting-keywords project☆157May 11, 2025Updated 9 months ago
- Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports☆150Updated this week
- ☆35Jan 27, 2025Updated last year
- KQL Queries. Microsoft Defender, Microsoft Sentinel☆827Updated this week
- Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of…☆508Aug 14, 2025Updated 6 months ago
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters …☆301Updated this week