The Github project for The Defender's Guide by Luke Paine and Jonathan Johnson
☆159, Jun 15, 2023, updated 2 years ago

Alternatives and similar repositories for TheDefendersGuide

Users that are interested in TheDefendersGuide are comparing it to the libraries listed below.
- Documentation and scripts to properly enable Windows event logs. (☆672, Oct 3, 2025, updated 5 months ago)
- ☆261, May 9, 2024, updated last year
- ☆11, Jun 12, 2023, updated 2 years ago
- Registry to JSON. This project is for learning purposes and is not maintained. (☆12, Dec 28, 2021, updated 4 years ago)
- ☆252, Jun 7, 2025, updated 8 months ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. (☆37, Jul 11, 2023, updated 2 years ago)
- 🛡️ Assign AD permissions via PowerShell templates: simplify and standardize AD delegation with reusable PowerShell templates. (☆24, updated this week)
- TrustedSec Sysinternals Sysmon Community Guide (☆1,372, Feb 10, 2026, updated 3 weeks ago)
- A Jupyter notebook to assist with the analysis of the output generated by the Volatility memory extraction framework. (☆97, May 28, 2023, updated 2 years ago)
- Abusing Azure services over C2 (☆367, Jan 20, 2026, updated last month)
- PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows… (☆2,055, Dec 11, 2024, updated last year)
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK (☆342, May 30, 2023, updated 2 years ago)
- Go implementation of an Extensible Storage Engine parser (☆32, Feb 15, 2025, updated last year)
- Rules generated from our investigations. (☆204, Jun 17, 2025, updated 8 months ago)
- A Cobalt Strike scanner that retrieves detected Team Server beacons into a JSON object (☆168, Oct 14, 2022, updated 3 years ago)
- Collection of Event ID resources useful for Digital Forensics and Incident Response (☆644, Jun 19, 2024, updated last year)
- A Windows event logging and collection baseline focused on finding a balance between forensic value and optimising retention. (☆293, Aug 26, 2021, updated 4 years ago)
- Pushes Sysmon configs (☆90, Jun 11, 2021, updated 4 years ago)
- The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifa… (☆646, Nov 7, 2025, updated 3 months ago)
- This project aims to compare and evaluate the telemetry of various EDR products. (☆1,930, Jan 20, 2026, updated last month)
- Apply a filter to the events being reported by Windows event logging (☆262, Apr 24, 2021, updated 4 years ago)
- Backend development stack for agents (☆29, Jul 30, 2025, updated 7 months ago)
- ☆21, May 8, 2022, updated 3 years ago
- Protect your servers with a secret header (☆29, Jun 12, 2020, updated 5 years ago)
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction (☆86, Dec 17, 2025, updated 2 months ago)
- Files related to works published in Black Mass (☆10, Sep 16, 2023, updated 2 years ago)
- Detection Ideas & Rules repository. (☆178, Sep 10, 2021, updated 4 years ago)
- PowerShell PE Parser (☆63, Jun 28, 2024, updated last year)
- MDE relies on some of the Audit settings being enabled (☆100, Jul 15, 2022, updated 3 years ago)
- KQL Queries. Defender for Endpoint and Azure Sentinel hunting and detection queries in KQL. Out-of-the-box KQL queries for: Advanced Hunt… (☆1,638, Feb 22, 2026, updated last week)
- Stand-alone parser for User Access Logging from Server 2012 and newer systems (☆78, Jan 9, 2024, updated 2 years ago)
- Reverse Engineering and Debugging Malware (☆32, Feb 27, 2023, updated 3 years ago)
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ) (☆779, Feb 3, 2023, updated 3 years ago)
- Placeholder for my detection repo and misc detection engineering content (☆42, Oct 20, 2023, updated 2 years ago)
- You didn't think I'd go and leave the blue team out, right? (☆1,732, Jan 5, 2026, updated last month)
- ☆61, Jun 24, 2023, updated 2 years ago
- Windows 10 Live Information viewer (☆38, Jan 27, 2022, updated 4 years ago)
- OSSEM Modular (☆27, Jun 29, 2020, updated 5 years ago)
- Provides an advanced input.conf file for Windows and 3rd-party related software with more than 70 different event logs mapped to the MITRE… (☆94, Jun 28, 2025, updated 8 months ago)