MalwareArchaeology/ARTHIR external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

MalwareArchaeology/ARTHIR

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/MalwareArchaeology/ARTHIR)

Close

MalwareArchaeology / ARTHIRView on GitHubMore

• External links
• Readme badge

ATT&CK Remote Threat Hunting Incident Response

☆206Dec 8, 2024Updated last year

Alternatives and similar repositories for ARTHIR

Users that are interested in ARTHIR are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• MalwareArchaeology / ATTACK

  View on GitHub
  MITRE ATT&CK Windows Logging Cheat Sheets
  ☆348Nov 8, 2018Updated 7 years ago
• davehull / Kansa

  View on GitHub
  A Powershell incident response framework
  ☆1,642Nov 22, 2022Updated 3 years ago
• davidpany / WMI_Forensics

  View on GitHub
  ☆310Aug 14, 2020Updated 5 years ago
• sans-blue-team / DeepBlueCLI

  View on GitHub
  ☆2,392Oct 14, 2023Updated 2 years ago
• OTRF / bloodhound-notebooks

  View on GitHub
  Notebooks created to attack and secure Active Directory environments
  ☆27Nov 18, 2019Updated 6 years ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• edoardogerosa / sentinel-attack

  View on GitHub
  Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
  ☆1,080Nov 28, 2024Updated last year
• PSGumshoe / PSGumshoe

  View on GitHub
  ☆265Oct 25, 2025Updated 5 months ago
• Asymmetric-InfoSec / Power-Response

  View on GitHub
  Powering Up Incident Response with Power-Response
  ☆63Mar 5, 2020Updated 6 years ago
• philhagen / sof-elk

  View on GitHub
  Configuration files for the SOF-ELK VM
  ☆1,724Jan 21, 2026Updated 2 months ago
• orlikoski / CyLR

  View on GitHub
  CyLR - Live Response Collection Tool
  ☆718Jun 1, 2022Updated 3 years ago
• vysecurity / ATT-CK_Analysis

  View on GitHub
  Repository for my ATT&CK analysis research.
  ☆70May 16, 2019Updated 6 years ago
• swisscom / Invoke-Forensics

  View on GitHub
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆118Nov 28, 2023Updated 2 years ago
• trustedsec / SysmonCommunityGuide

  View on GitHub
  TrustedSec Sysinternals Sysmon Community Guide
  ☆1,384Feb 10, 2026Updated last month
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆266Nov 25, 2023Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆938Dec 12, 2023Updated 2 years ago
• palantir / windows-event-forwarding

  View on GitHub
  A repository for using windows event forwarding for incident detection and response
  ☆1,302Sep 8, 2025Updated 6 months ago
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆2,996Aug 21, 2024Updated last year
• orlikoski / Skadi

  View on GitHub
  Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
  ☆506Oct 21, 2022Updated 3 years ago
• rabobank-cdc / DeTTECT

  View on GitHub
  Detect Tactics, Techniques & Combat Threats
  ☆2,269Jan 21, 2026Updated 2 months ago
• zulu8 / Get-Baseline

  View on GitHub
  PowerShell Script for Agentless Incident Response
  ☆25Apr 5, 2018Updated 7 years ago
• cyberdefenders / DetectionLabELK

  View on GitHub
  DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
  ☆573Dec 12, 2021Updated 4 years ago
• dwmetz / PSHero

  View on GitHub
  PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
  ☆37Jul 11, 2023Updated 2 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,508Jan 12, 2026Updated 2 months ago
• NordVPN Threat Protection Pro™ • Ad
  Take your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
• dfirtrack / dfirtrack

  View on GitHub
  DFIRTrack - The Incident Response Tracking Application
  ☆534Jan 13, 2026Updated 2 months ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,531Jan 24, 2023Updated 3 years ago
• mvelazc0 / Oriana

  View on GitHub
  Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…
  ☆176Jun 10, 2021Updated 4 years ago
• OTRF / bloodhound-notebook

  View on GitHub
  BloodHound Cypher Queries Ported to a Jupyter Notebook
  ☆53Jun 20, 2020Updated 5 years ago
• nsacyber / Event-Forwarding-Guidance

  View on GitHub
  Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsac…
  ☆883Nov 17, 2020Updated 5 years ago
• cyb3rfox / Aurora-Incident-Response

  View on GitHub
  Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
  ☆1,064Oct 5, 2023Updated 2 years ago
• LaresLLC / SysmonConfigPusher

  View on GitHub
  Pushes Sysmon Configs
  ☆90Jun 11, 2021Updated 4 years ago
• atc-project / atomic-threat-coverage

  View on GitHub
  Actionable analytics designed to combat threats
  ☆1,005May 25, 2022Updated 3 years ago
• ion-storm / sysmon-edr

  View on GitHub
  Sysmon EDR POC Build within Powershell to prove ability.
  ☆223May 1, 2021Updated 4 years ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• DefensiveOrigins / APT06202001

  View on GitHub
  Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020
  ☆323Jan 22, 2021Updated 5 years ago
• log2timeline / plaso

  View on GitHub
  Super timeline all the things
  ☆2,039Feb 10, 2026Updated last month
• olafhartong / ATTACKdatamap

  View on GitHub
  A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
  ☆356Nov 3, 2020Updated 5 years ago
• Infocyte / PSHunt

  View on GitHub
  Powershell Threat Hunting Module
  ☆290Sep 21, 2016Updated 9 years ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,729Mar 20, 2024Updated 2 years ago
• EricZimmerman / KapeFiles

  View on GitHub
  This repository serves as a place for community created Targets and Modules for use with KAPE.
  ☆824Mar 12, 2026Updated 2 weeks ago
• Invoke-IR / PowerForensics

  View on GitHub
  PowerForensics provides an all in one platform for live disk forensic analysis
  ☆1,427Nov 16, 2023Updated 2 years ago