LetsDefend / incident-response-playbooks
☆193 · Mar 11, 2024 · Updated last year
Alternatives and similar repositories for incident-response-playbooks
Users that are interested in incident-response-playbooks are comparing it to the libraries listed below
- Useful resources for SOC Analyst and SOC Analyst candidates. ☆885 · Aug 28, 2023 · Updated 2 years ago
- ☆42 · Mar 6, 2023 · Updated 2 years ago
- A small guide on Unknown/Orphaned SIDs and some PowerShell tools to help you get rid of them. ☆20 · Mar 28, 2022 · Updated 3 years ago
- Repo that holds write-ups of various research projects I did and/or overall InfoSec things I investigated/researched. ☆21 · Jan 5, 2025 · Updated last year
- A small tool that helps incident responders and SOC analysts do a quick and initial analysis/assessment of malicious files. ☆26 · Mar 1, 2023 · Updated 2 years ago
- A curated repository of incident response playbooks. ☆114 · Jul 17, 2023 · Updated 2 years ago
- A collection of sources of documentation, as well as field best practices, to build/run a SOC. ☆1,621 · Updated this week
- A SOC Analyst's tool to automate the investigation & validation of possible Indicators of Compromise (IOCs) and perform various tasks inc… ☆29 · Jun 22, 2022 · Updated 3 years ago
- A Python port of CCob's ThreadlessInject. ☆25 · Mar 18, 2023 · Updated 2 years ago
- PowerShell Digital Forensics & Incident Response Scripts. ☆766 · Jan 14, 2026 · Updated last month
- ThreatSeeker: Threat Hunting via Windows Event Logs. ☆124 · May 16, 2023 · Updated 2 years ago
- Automatically spider the result set of a Censys/Shodan search and download all files where the file name or folder path matches a regex. ☆28 · Apr 22, 2023 · Updated 2 years ago
- This is a collection of threat detection rules / rules engines that I have come across. ☆296 · May 5, 2024 · Updated last year
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics. ☆114 · Nov 19, 2024 · Updated last year
- Playbooks for SOC Analysts. ☆670 · Dec 11, 2022 · Updated 3 years ago
- ☆138 · Apr 20, 2023 · Updated 2 years ago
- Monitor your target continuously for new subdomains! ☆25 · Mar 18, 2023 · Updated 2 years ago
- Scans a list of Raccoon servers from Tria.ge and extracts the config. ☆15 · Jun 5, 2023 · Updated 2 years ago
- Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR. ☆16 · Nov 7, 2025 · Updated 3 months ago
- Predicting the probability of an exploit being released after a CVE is published (by machine learning algorithm). ☆12 · Aug 8, 2023 · Updated 2 years ago
- Awesome Security lists for SOC/CERT/CTI. ☆1,239 · Updated this week
- RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers… ☆674 · Jun 4, 2024 · Updated last year
- SOC Interview Questions. ☆1,261 · Sep 10, 2024 · Updated last year
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as … ☆421 · Aug 10, 2025 · Updated 6 months ago
- My malware analysis code snippets. ☆28 · Jul 15, 2023 · Updated 2 years ago
- 100 Days of YARA, to be updated with rules & ideas as the year progresses. ☆60 · Jan 18, 2023 · Updated 3 years ago
- Hunting Queries for Defender ATP. ☆83 · Dec 14, 2025 · Updated 2 months ago
- This repository presents a detailed case study on tracking cryptocurrency transactions and uncovering dark web operations. Using open-sou… ☆32 · Apr 14, 2025 · Updated 10 months ago
- SATO is a PowerShell tool that focuses on providing flexible, multi-grant-type support for obtaining, managing, and analyzing Azure tokens. ☆20 · Nov 24, 2025 · Updated 2 months ago
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt… ☆1,634 · Updated this week
- ☆244 · Jan 23, 2025 · Updated last year
- Cyber Incident Response Team Playbook Battle Cards. ☆426 · May 10, 2024 · Updated last year
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). ☆801 · Jan 14, 2026 · Updated last month
- This repo is about Active Directory Advanced Threat Hunting. ☆649 · Feb 17, 2025 · Updated 11 months ago
- The Enhanced MITRE ATT&CK® Coverage Tracker is an Excel tool for SOCs to measure and improve detection coverage of cyber threats. It simp… ☆34 · Nov 13, 2025 · Updated 3 months ago
- Awesome list of keywords and artifacts for Threat Hunting sessions. ☆633 · Aug 4, 2025 · Updated 6 months ago
- Practical toolkit for cybersecurity and IT professionals. It features a detailed Linux cheatsheet for incident response. ☆408 · Dec 29, 2023 · Updated 2 years ago
- A Cloud Forensics PowerShell module to run threat hunting playbooks on data from Azure and O365. ☆790 · Oct 29, 2022 · Updated 3 years ago
- ☆47 · Oct 28, 2022 · Updated 3 years ago