Detecting Lateral Movement with Machine Learning
☆139Oct 31, 2017Updated 8 years ago
Alternatives and similar repositories for DetectLM
Users that are interested in DetectLM are comparing it to the libraries listed below
Sorting:
- Carve $MFT records from a chunk of data (for instance a memory dump)☆16Aug 21, 2016Updated 9 years ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…☆177Jun 10, 2021Updated 4 years ago
- Artifact analysis tools by JPCERT/CC Analysis Center☆462Aug 14, 2025Updated 6 months ago
- Tool Analysis Result Sheet☆356Dec 4, 2017Updated 8 years ago
- Investigate suspicious activity by visualizing Sysmon's event log☆431Dec 22, 2023Updated 2 years ago
- A collection of scripts to initialize a windows VM to run all the malwares!☆107Apr 3, 2020Updated 5 years ago
- Investigate malicious Windows logon by visualizing and analyzing Windows event log☆3,138Oct 19, 2025Updated 4 months ago
- Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux☆505Oct 21, 2022Updated 3 years ago
- PowerShell Memory Pulling script☆19Mar 24, 2015Updated 10 years ago
- Extract the password of the current user from flow (keylogger, config file, ..) Use SSPI to get a valid NTLM challenge/response and test …☆59Mar 8, 2019Updated 6 years ago
- Lazy Office Analyzer☆121Feb 15, 2017Updated 9 years ago
- OSSEM Modular☆27Jun 29, 2020Updated 5 years ago
- PowerShell script to find 'vulnerable' security-related GPOs that should be hardended☆198Jun 1, 2018Updated 7 years ago
- Kirjuri is a web application for managing cases and physical forensic evidence items.☆107May 7, 2021Updated 4 years ago
- Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.☆492Feb 16, 2019Updated 7 years ago
- Identifies defensive gaps in security posture by leveraging Mitre's ATT&CK framework. #nsacyber☆164May 11, 2020Updated 5 years ago
- YARA malware query accelerator (web frontend)☆437Feb 3, 2026Updated 3 weeks ago
- A content inspecting SMTP proxy☆17Jun 9, 2014Updated 11 years ago
- A repository of Sysmon For Linux configuration modules☆16Oct 14, 2021Updated 4 years ago
- Queries to parse sysmon event log file with microsoft logparser☆58Mar 31, 2015Updated 10 years ago
- Utilities for MITRE™ ATT&CK☆1,050Jan 3, 2026Updated last month
- Resolvn Threat Hunting Virtual Machine☆139Aug 16, 2019Updated 6 years ago
- Tools for DFIR☆120Jan 25, 2018Updated 8 years ago
- Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.☆1,339Dec 13, 2022Updated 3 years ago
- Light System Examination Toolkit (LISET) - logs & activity & configuration gathering utility that comes handy in fast Windows incident re…☆32Aug 29, 2016Updated 9 years ago
- ☆24Mar 19, 2020Updated 5 years ago
- A collection of notebooks built for defensive and offensive operations.☆77Oct 13, 2020Updated 5 years ago
- ☆349Mar 19, 2021Updated 4 years ago
- A DFVFS Backed Forensic Viewer☆42Apr 13, 2020Updated 5 years ago
- Kaspersky's GReAT KLara☆732Jul 24, 2024Updated last year
- Some IR notes☆73Jul 23, 2016Updated 9 years ago
- Primary data pipelines for intrusion detection, security analytics and threat hunting☆85Jan 9, 2022Updated 4 years ago
- Python script to decode common encoded PowerShell scripts☆217Jun 13, 2018Updated 7 years ago
- Simple Microsoft Windows sessions event logs visualization☆156May 2, 2022Updated 3 years ago
- An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk☆23Jul 10, 2018Updated 7 years ago
- This extension provide a Python panel for writing custom proxy script.☆16Aug 26, 2019Updated 6 years ago
- ☆15May 18, 2022Updated 3 years ago
- Basic x86 Symbolic Execution for educational purposes☆18May 8, 2017Updated 8 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆937Dec 12, 2023Updated 2 years ago