Alternatives and similar repositories for forensics

Users that are interested in forensics are comparing it to the libraries listed below

• Intellisec-Solutions / Microsoft-Sentinel-SIGMA-Rules-Workbook
  ☆12Updated 3 years ago
• CTI-Driven / Microsoft-ASR-to-MITRE-ATTACK-Mapping-Project
  This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their…
  ☆29Updated last year
• matthieugras / timeline-downloader
  ☆70Updated this week
• svch0stz / velociraptor-detections
  ☆22Updated 3 years ago
• Beercow / DFIR_Toolbar
  ☆28Updated 3 months ago
• nasbench / Eventlog_Compendium
  The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.
  ☆51Updated 9 months ago
• kev365 / ToolFetcher
  A tool for fetching DFIR and other GitHub tools.
  ☆25Updated 6 months ago
• SecurityAura / Aura-Research
  Repo that hold write-ups of various research projects I did and/or overall InfoSec things I investigated/researched.
  ☆21Updated last year
• msdirtbag / azurevelo
  Velociraptor Server hosted in Azure App Service
  ☆59Updated 8 months ago
• mthcht / ThreatHunting-Keywords-sigma-rules
  Sigma detection rules for hunting with the threathunting-keywords project
  ☆58Updated 11 months ago
• krdmnbrk / atomicgen.io
  A simple tool designed to create Atomic Red Team tests with ease.
  ☆49Updated 10 months ago
• reversinglabs / reversinglabs-siem-rules
  A collection of various SIEM rules relating to malware family groups.
  ☆70Updated last year
• securityjoes / Crowdstrike-Deploy
  The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.
  ☆23Updated 5 months ago
• Sam0x90 / CTI
  Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on
  ☆84Updated last year
• Bert-JanP / Domain-Response
  Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specificly designed to autom…
  ☆49Updated last month
• Sam0x90 / CB-Threat-Hunting
  CarbonBlack EDR detection rules and response actions
  ☆73Updated last year
• 0xAnalyst / DefenderATPQueries
  Hunting Queries for Defender ATP
  ☆82Updated last month
• curated-intel / MOVEit-Transfer
  A repository for tracking events related to the MOVEit Transfer Cl0p Campaign
  ☆71Updated 2 years ago
• op7ic / Cloud-Investigate
  A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.
  ☆40Updated last year
• bittib010 / AjourVolAutolity
  A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.
  ☆16Updated 5 months ago
• archanchoudhury / Threat-Hunting
  This Repository gives the best and possible strategies against hunting the ransomware
  ☆26Updated 3 years ago
• openrelik / openrelik-deploy
  Tools and scripts to deploy and manage OpenRelik instances
  ☆16Updated 7 months ago
• tsale / EDR-Telemetry-Website
  ☆74Updated 3 weeks ago
• joeavanzato / crackdown
  Helping Incident Responders hunt for potential persistence mechanisms on UNIX-based systems.
  ☆17Updated 2 years ago
• st0pp3r / awesome-detection-engineer
  Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools…
  ☆141Updated 2 months ago
• Neo23x0 / Talks
  Slides of my public talks
  ☆56Updated 2 years ago
• joeavanzato / velociraptor-timeline-creator
  VTC - Velociraptor Timeline Creator
  ☆19Updated last year
• jischell-msft / RemoteManagementMonitoringTools
  Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
  ☆103Updated 5 months ago
• xg5-simon / MS-Graph-BlueTeam
  MS Graph Commands and Tools for Blue Teamers
  ☆52Updated 2 years ago
• cudeso / proof-value-cti
  Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.
  ☆53Updated last year