Detecting Lateral Movement with Machine Learning
☆139Oct 31, 2017Updated 8 years ago
Alternatives and similar repositories for DetectLM
Users that are interested in DetectLM are comparing it to the libraries listed below
Sorting:
- Investigate suspicious activity by visualizing Sysmon's event log☆430Dec 22, 2023Updated 2 years ago
- Tool Analysis Result Sheet☆358Dec 4, 2017Updated 8 years ago
- Carve $MFT records from a chunk of data (for instance a memory dump)☆16Aug 21, 2016Updated 9 years ago
- Artifact analysis tools by JPCERT/CC Analysis Center☆462Aug 14, 2025Updated 7 months ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…☆176Jun 10, 2021Updated 4 years ago
- Investigate malicious Windows logon by visualizing and analyzing Windows event log☆3,137Oct 19, 2025Updated 5 months ago
- A collection of scripts to initialize a windows VM to run all the malwares!☆107Apr 3, 2020Updated 5 years ago
- Lepus-CTF frontend application☆11Nov 2, 2015Updated 10 years ago
- A repository of Sysmon For Linux configuration modules☆16Oct 14, 2021Updated 4 years ago
- OSSEM Modular☆27Jun 29, 2020Updated 5 years ago
- Extract the password of the current user from flow (keylogger, config file, ..) Use SSPI to get a valid NTLM challenge/response and test …☆59Mar 8, 2019Updated 7 years ago
- Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux☆506Oct 21, 2022Updated 3 years ago
- ☆24Mar 19, 2020Updated 6 years ago
- PowerShell Memory Pulling script☆19Mar 24, 2015Updated 10 years ago
- ☆14May 18, 2022Updated 3 years ago
- Basic x86 Symbolic Execution for educational purposes☆18May 8, 2017Updated 8 years ago
- GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.☆634Jun 20, 2017Updated 8 years ago
- A modern Python-3-based alternative to RegRipper☆208Mar 31, 2025Updated 11 months ago
- PowerShell script to find 'vulnerable' security-related GPOs that should be hardended☆198Jun 1, 2018Updated 7 years ago
- YARA malware query accelerator (web frontend)☆437Feb 3, 2026Updated last month
- Yara matching in ElasticSearch.☆10Jun 12, 2018Updated 7 years ago
- Yet another way to find where to report an abuse☆31Jan 25, 2025Updated last year
- ☆28Mar 29, 2022Updated 3 years ago
- Lazy Office Analyzer☆121Feb 15, 2017Updated 9 years ago
- Tools for DFIR☆121Jan 25, 2018Updated 8 years ago
- Set of ultra technical notes about AD☆18Jun 17, 2018Updated 7 years ago
- Remote process dumping automation. Use it to dump Windows credentials remotely and extract clear text with Mimikatz offline☆35Jan 3, 2020Updated 6 years ago
- Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.☆1,340Dec 13, 2022Updated 3 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆938Dec 12, 2023Updated 2 years ago
- A Slack bot to add security info to messages containing URLs, hashes and IPs☆71Aug 28, 2024Updated last year
- Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.☆492Feb 16, 2019Updated 7 years ago
- Queries to parse sysmon event log file with microsoft logparser☆58Mar 31, 2015Updated 10 years ago
- Kirjuri is a web application for managing cases and physical forensic evidence items.☆107May 7, 2021Updated 4 years ago
- ☆310Aug 14, 2020Updated 5 years ago
- A C# tool for enumerating remote access policies through group policy.☆73Apr 18, 2019Updated 6 years ago
- A rewrite of mactime, a bodyfile reader☆40Aug 5, 2024Updated last year
- CASCADE Server☆274Dec 8, 2022Updated 3 years ago
- certstream + analytics☆11Jan 17, 2020Updated 6 years ago
- LogViewer for viewing and searching large text files...☆427Jul 3, 2019Updated 6 years ago