Full of public notes and Utilities
☆131Jan 6, 2026Updated last month
Alternatives and similar repositories for notes
Users that are interested in notes are comparing it to the libraries listed below
Sorting:
- ☆17Jan 21, 2026Updated last month
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Feb 6, 2025Updated last year
- Jupyter notebooks for threat hunting☆60Mar 26, 2025Updated 11 months ago
- Powershell sandboxing utility☆20Feb 2, 2026Updated last month
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …☆432Feb 18, 2026Updated 2 weeks ago
- Bunch of honey related items that spoof/decoy powersploit functions.☆18Apr 23, 2020Updated 5 years ago
- ScriptSentry finds misconfigured and dangerous logon scripts.☆624Feb 16, 2026Updated 2 weeks ago
- Digital Forensics and Incident Response notes and Autopsy tool walkthrough☆11Feb 3, 2022Updated 4 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆168Dec 10, 2018Updated 7 years ago
- ☆61Jun 24, 2023Updated 2 years ago
- An automated deployment tool that creates instrumented Azure environments with vulnerable systems for simulating attacks and testing Micr…☆62Jul 27, 2025Updated 7 months ago
- EDR/AV Simulation for Malware Development☆13Oct 21, 2023Updated 2 years ago
- Monitor your PingCastle scans to highlight the rule diff between two scans☆157Feb 19, 2026Updated 2 weeks ago
- ☆14Oct 24, 2024Updated last year
- Awesome list of keywords and artifacts for Threat Hunting sessions☆641Aug 4, 2025Updated 7 months ago
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…☆816Feb 17, 2025Updated last year
- A tool to create randomly insecure file shares that also contain unsecured credential files☆49Feb 16, 2026Updated 2 weeks ago
- PowerShell script and workflow for creating and importing a Win32 package into Intune for the Microsoft 365 Apps☆22Updated this week
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…☆258Nov 24, 2023Updated 2 years ago
- Ludus range for the Constructing Defense Lab☆102Feb 23, 2026Updated last week
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆864Jan 20, 2022Updated 4 years ago
- Config files for my GitHub profile.☆14May 7, 2023Updated 2 years ago
- HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt…☆17Jun 11, 2024Updated last year
- Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources☆13Jun 24, 2018Updated 7 years ago
- Pwnage☆17Jul 1, 2025Updated 8 months ago
- WMI SA stuffs☆30Apr 18, 2022Updated 3 years ago
- A repository to share publicly available Velociraptor detection content☆196Updated this week
- Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE☆179Jan 20, 2026Updated last month
- A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.☆1,475Feb 18, 2026Updated 2 weeks ago
- An interactive TUI tool to create Brute Ratel C4 profiles based on BURP browsing data.☆31May 23, 2025Updated 9 months ago
- Integrating Sysinternals Autoruns’ logs into Security Onion☆31Feb 20, 2024Updated 2 years ago
- Documentation and scripts to properly enable Windows event logs.☆672Oct 3, 2025Updated 5 months ago
- This script analyzes the DCSync output file from several tools (such as Mimikatz, Secretsdump and SharpKatz...)☆66Mar 17, 2025Updated 11 months ago
- Active C&C Detector☆156Oct 5, 2023Updated 2 years ago
- Xavier Framework is a user interface wrapper built on top of the Volatility(c) memory forensics framework.☆46Jul 7, 2022Updated 3 years ago
- Threat Hunting tool about Sysmon and graphs☆337May 28, 2023Updated 2 years ago
- Parses USB connection artifacts from offline Registry hives☆107Feb 8, 2026Updated 3 weeks ago
- An Ansible role that runs Vulhub environments on a Linux system.☆20Oct 15, 2025Updated 4 months ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆107Nov 23, 2022Updated 3 years ago