Alternatives and similar repositories for ARTHIR

Users that are interested in ARTHIR are comparing it to the libraries listed below

• MalwareArchaeology / ATTACK

  View on GitHub
  MITRE ATT&CK Windows Logging Cheat Sheets
  ☆349Nov 8, 2018Updated 7 years ago
• davehull / Kansa

  View on GitHub
  A Powershell incident response framework
  ☆1,637Nov 22, 2022Updated 3 years ago
• davidpany / WMI_Forensics

  View on GitHub
  ☆308Aug 14, 2020Updated 5 years ago
• sans-blue-team / DeepBlueCLI

  View on GitHub
  ☆2,383Oct 14, 2023Updated 2 years ago
• edoardogerosa / sentinel-attack

  View on GitHub
  Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
  ☆1,076Nov 28, 2024Updated last year
• PSGumshoe / PSGumshoe

  View on GitHub
  ☆265Oct 25, 2025Updated 3 months ago
• vysecurity / ATT-CK_Analysis

  View on GitHub
  Repository for my ATT&CK analysis research.
  ☆71May 16, 2019Updated 6 years ago
• trustedsec / SysmonCommunityGuide

  View on GitHub
  TrustedSec Sysinternals Sysmon Community Guide
  ☆1,363Dec 15, 2025Updated last month
• OTRF / bloodhound-notebooks

  View on GitHub
  Notebooks created to attack and secure Active Directory environments
  ☆27Nov 18, 2019Updated 6 years ago
• orlikoski / CyLR

  View on GitHub
  CyLR - Live Response Collection Tool
  ☆708Jun 1, 2022Updated 3 years ago
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆937Dec 12, 2023Updated 2 years ago
• swisscom / Invoke-Forensics

  View on GitHub
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆117Nov 28, 2023Updated 2 years ago
• philhagen / sof-elk

  View on GitHub
  Configuration files for the SOF-ELK VM
  ☆1,715Jan 21, 2026Updated 3 weeks ago
• palantir / windows-event-forwarding

  View on GitHub
  A repository for using windows event forwarding for incident detection and response
  ☆1,296Sep 8, 2025Updated 5 months ago
• rabobank-cdc / DeTTECT

  View on GitHub
  Detect Tactics, Techniques & Combat Threats
  ☆2,263Jan 21, 2026Updated 3 weeks ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,502Jan 24, 2023Updated 3 years ago
• DefensiveOrigins / APT06202001

  View on GitHub
  Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020
  ☆323Jan 22, 2021Updated 5 years ago
• orlikoski / Skadi

  View on GitHub
  Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
  ☆504Oct 21, 2022Updated 3 years ago
• cyberdefenders / DetectionLabELK

  View on GitHub
  DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
  ☆573Dec 12, 2021Updated 4 years ago
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆264Nov 25, 2023Updated 2 years ago
• dfirtrack / dfirtrack

  View on GitHub
  DFIRTrack - The Incident Response Tracking Application
  ☆532Jan 13, 2026Updated last month
• OTRF / OSSEM

  View on GitHub
  Open Source Security Events Metadata (OSSEM)
  ☆1,287Feb 27, 2023Updated 2 years ago
• OTRF / bloodhound-notebook

  View on GitHub
  BloodHound Cypher Queries Ported to a Jupyter Notebook
  ☆53Jun 20, 2020Updated 5 years ago
• activecm / BeaKer

  View on GitHub
  Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana
  ☆298Feb 6, 2026Updated last week
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,475Jan 12, 2026Updated last month
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆2,968Aug 21, 2024Updated last year
• ion-storm / sysmon-edr

  View on GitHub
  Sysmon EDR POC Build within Powershell to prove ability.
  ☆226May 1, 2021Updated 4 years ago
• olafhartong / ATTACKdatamap

  View on GitHub
  A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
  ☆355Nov 3, 2020Updated 5 years ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,723Mar 20, 2024Updated last year
• dwmetz / PSHero

  View on GitHub
  PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
  ☆36Jul 11, 2023Updated 2 years ago
• ThreatHuntingProject / ThreatHunting

  View on GitHub
  An informational repo about hunting for adversaries in your IT environment.
  ☆1,846Nov 17, 2021Updated 4 years ago
• atc-project / atomic-threat-coverage

  View on GitHub
  Actionable analytics designed to combat threats
  ☆1,006May 25, 2022Updated 3 years ago
• SecurityRiskAdvisors / VECTR

  View on GitHub
  VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities a…
  ☆1,548Nov 24, 2025Updated 2 months ago
• MarkBaggett / domain_stats

  View on GitHub
  ☆227Nov 9, 2023Updated 2 years ago
• cyb3rfox / Aurora-Incident-Response

  View on GitHub
  Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
  ☆960Oct 5, 2023Updated 2 years ago
• nsacyber / Event-Forwarding-Guidance

  View on GitHub
  Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsac…
  ☆881Nov 17, 2020Updated 5 years ago
• TonyPhipps / Meerkat

  View on GitHub
  A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
  ☆481Nov 15, 2024Updated last year
• EricZimmerman / KapeFiles

  View on GitHub
  This repository serves as a place for community created Targets and Modules for use with KAPE.
  ☆815Feb 4, 2026Updated last week
• bromiley / olaf

  View on GitHub
  Office365 Log Analysis Framework
  ☆81Jun 6, 2019Updated 6 years ago