MalwareArchaeology/ARTHIR external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

MalwareArchaeology/ARTHIR

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/MalwareArchaeology/ARTHIR)

Close

MalwareArchaeology / ARTHIRView on GitHubMore

• External links
• Readme badge

ATT&CK Remote Threat Hunting Incident Response

☆206Dec 8, 2024Updated last year

Alternatives and similar repositories for ARTHIR

Users that are interested in ARTHIR are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• MalwareArchaeology / ATTACK

  View on GitHub
  MITRE ATT&CK Windows Logging Cheat Sheets
  ☆347Nov 8, 2018Updated 7 years ago
• davehull / Kansa

  View on GitHub
  A Powershell incident response framework
  ☆1,649Nov 22, 2022Updated 3 years ago
• davidpany / WMI_Forensics

  View on GitHub
  ☆312Aug 14, 2020Updated 5 years ago
• sans-blue-team / DeepBlueCLI

  View on GitHub
  ☆2,403Oct 14, 2023Updated 2 years ago
• OTRF / bloodhound-notebooks

  View on GitHub
  Notebooks created to attack and secure Active Directory environments
  ☆27Nov 18, 2019Updated 6 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• edoardogerosa / sentinel-attack

  View on GitHub
  Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
  ☆1,075Nov 28, 2024Updated last year
• PSGumshoe / PSGumshoe

  View on GitHub
  ☆266Oct 25, 2025Updated 6 months ago
• Asymmetric-InfoSec / Power-Response

  View on GitHub
  Powering Up Incident Response with Power-Response
  ☆63Mar 5, 2020Updated 6 years ago
• philhagen / sof-elk

  View on GitHub
  Configuration files for the SOF-ELK VM
  ☆1,733Jan 21, 2026Updated 3 months ago
• vysecurity / ATT-CK_Analysis

  View on GitHub
  Repository for my ATT&CK analysis research.
  ☆70May 16, 2019Updated 6 years ago
• orlikoski / CyLR

  View on GitHub
  CyLR - Live Response Collection Tool
  ☆723Jun 1, 2022Updated 3 years ago
• swisscom / Invoke-Forensics

  View on GitHub
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆117Nov 28, 2023Updated 2 years ago
• trustedsec / SysmonCommunityGuide

  View on GitHub
  TrustedSec Sysinternals Sysmon Community Guide
  ☆1,403Feb 10, 2026Updated 2 months ago
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆266Nov 25, 2023Updated 2 years ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆939Dec 12, 2023Updated 2 years ago
• palantir / windows-event-forwarding

  View on GitHub
  A repository for using windows event forwarding for incident detection and response
  ☆1,319Sep 8, 2025Updated 7 months ago
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆3,031Aug 21, 2024Updated last year
• orlikoski / Skadi

  View on GitHub
  Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
  ☆506Oct 21, 2022Updated 3 years ago
• rabobank-cdc / DeTTECT

  View on GitHub
  Detect Tactics, Techniques & Combat Threats
  ☆2,286Apr 29, 2026Updated last week
• zulu8 / Get-Baseline

  View on GitHub
  PowerShell Script for Agentless Incident Response
  ☆25Apr 5, 2018Updated 8 years ago
• cyberdefenders / DetectionLabELK

  View on GitHub
  DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
  ☆573Dec 12, 2021Updated 4 years ago
• dwmetz / PSHero

  View on GitHub
  PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
  ☆37Jul 11, 2023Updated 2 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,544Jan 12, 2026Updated 3 months ago
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• dfirtrack / dfirtrack

  View on GitHub
  DFIRTrack - The Incident Response Tracking Application
  ☆534Jan 13, 2026Updated 3 months ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,554Jan 24, 2023Updated 3 years ago
• mvelazc0 / Oriana

  View on GitHub
  Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…
  ☆175Jun 10, 2021Updated 4 years ago
• OTRF / bloodhound-notebook

  View on GitHub
  BloodHound Cypher Queries Ported to a Jupyter Notebook
  ☆53Jun 20, 2020Updated 5 years ago
• nsacyber / Event-Forwarding-Guidance

  View on GitHub
  Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsac…
  ☆884Nov 17, 2020Updated 5 years ago
• cyb3rfox / Aurora-Incident-Response

  View on GitHub
  Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
  ☆1,070Oct 5, 2023Updated 2 years ago
• atc-project / atomic-threat-coverage

  View on GitHub
  Actionable analytics designed to combat threats
  ☆1,009May 25, 2022Updated 3 years ago
• LaresLLC / SysmonConfigPusher

  View on GitHub
  Pushes Sysmon Configs
  ☆91Jun 11, 2021Updated 4 years ago
• ion-storm / sysmon-edr

  View on GitHub
  Sysmon EDR POC Build within Powershell to prove ability.
  ☆225May 1, 2021Updated 5 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• log2timeline / plaso

  View on GitHub
  Super timeline all the things
  ☆2,057Updated this week
• DefensiveOrigins / APT06202001

  View on GitHub
  Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020
  ☆324Jan 22, 2021Updated 5 years ago
• olafhartong / ATTACKdatamap

  View on GitHub
  A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
  ☆357Nov 3, 2020Updated 5 years ago
• Infocyte / PSHunt

  View on GitHub
  Powershell Threat Hunting Module
  ☆291Sep 21, 2016Updated 9 years ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,746Mar 20, 2024Updated 2 years ago
• EricZimmerman / KapeFiles

  View on GitHub
  This repository serves as a place for community created Targets and Modules for use with KAPE.
  ☆838Apr 29, 2026Updated last week
• Invoke-IR / PowerForensics

  View on GitHub
  PowerForensics provides an all in one platform for live disk forensic analysis
  ☆1,431Nov 16, 2023Updated 2 years ago