MalwareArchaeology/ARTHIR external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

MalwareArchaeology/ARTHIR

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/MalwareArchaeology/ARTHIR)

Close

MalwareArchaeology / ARTHIRView on GitHubMore

• External links
• Readme badge

ATT&CK Remote Threat Hunting Incident Response

☆203Dec 8, 2024Updated last year

Alternatives and similar repositories for ARTHIR

Users that are interested in ARTHIR are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• MalwareArchaeology / ATTACK

  View on GitHub
  MITRE ATT&CK Windows Logging Cheat Sheets
  ☆347Nov 8, 2018Updated 7 years ago
• davehull / Kansa

  View on GitHub
  A Powershell incident response framework
  ☆1,654Nov 22, 2022Updated 3 years ago
• davidpany / WMI_Forensics

  View on GitHub
  ☆313Aug 14, 2020Updated 5 years ago
• sans-blue-team / DeepBlueCLI

  View on GitHub
  ☆2,408Oct 14, 2023Updated 2 years ago
• OTRF / bloodhound-notebooks

  View on GitHub
  Notebooks created to attack and secure Active Directory environments
  ☆27Nov 18, 2019Updated 6 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• edoardogerosa / sentinel-attack

  View on GitHub
  Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
  ☆1,077Nov 28, 2024Updated last year
• PSGumshoe / PSGumshoe

  View on GitHub
  ☆267Oct 25, 2025Updated 7 months ago
• Asymmetric-InfoSec / Power-Response

  View on GitHub
  Powering Up Incident Response with Power-Response
  ☆63Mar 5, 2020Updated 6 years ago
• philhagen / sof-elk

  View on GitHub
  Configuration files for the SOF-ELK VM
  ☆1,734Updated this week
• vysecurity / ATT-CK_Analysis

  View on GitHub
  Repository for my ATT&CK analysis research.
  ☆70May 16, 2019Updated 7 years ago
• orlikoski / CyLR

  View on GitHub
  CyLR - Live Response Collection Tool
  ☆725Jun 1, 2022Updated 3 years ago
• swisscom / Invoke-Forensics

  View on GitHub
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆118Nov 28, 2023Updated 2 years ago
• trustedsec / SysmonCommunityGuide

  View on GitHub
  TrustedSec Sysinternals Sysmon Community Guide
  ☆1,414Feb 10, 2026Updated 3 months ago
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆266Nov 25, 2023Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆941Dec 12, 2023Updated 2 years ago
• palantir / windows-event-forwarding

  View on GitHub
  A repository for using windows event forwarding for incident detection and response
  ☆1,325Sep 8, 2025Updated 8 months ago
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆3,045Aug 21, 2024Updated last year
• orlikoski / Skadi

  View on GitHub
  Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
  ☆507Oct 21, 2022Updated 3 years ago
• rabobank-cdc / DeTTECT

  View on GitHub
  Detect Tactics, Techniques & Combat Threats
  ☆2,292Apr 29, 2026Updated 3 weeks ago
• zulu8 / Get-Baseline

  View on GitHub
  PowerShell Script for Agentless Incident Response
  ☆25Apr 5, 2018Updated 8 years ago
• cyberdefenders / DetectionLabELK

  View on GitHub
  DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
  ☆572Dec 12, 2021Updated 4 years ago
• dwmetz / PSHero

  View on GitHub
  PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
  ☆37Jul 11, 2023Updated 2 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,559Jan 12, 2026Updated 4 months ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• dfirtrack / dfirtrack

  View on GitHub
  DFIRTrack - The Incident Response Tracking Application
  ☆534Jan 13, 2026Updated 4 months ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,560Jan 24, 2023Updated 3 years ago
• mvelazc0 / Oriana

  View on GitHub
  Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…
  ☆174Jun 10, 2021Updated 4 years ago
• OTRF / bloodhound-notebook

  View on GitHub
  BloodHound Cypher Queries Ported to a Jupyter Notebook
  ☆53Jun 20, 2020Updated 5 years ago
• nsacyber / Event-Forwarding-Guidance

  View on GitHub
  Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsac…
  ☆885Nov 17, 2020Updated 5 years ago
• cyb3rfox / Aurora-Incident-Response

  View on GitHub
  Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
  ☆1,071Oct 5, 2023Updated 2 years ago
• atc-project / atomic-threat-coverage

  View on GitHub
  Actionable analytics designed to combat threats
  ☆1,009May 25, 2022Updated 4 years ago
• LaresLLC / SysmonConfigPusher

  View on GitHub
  Pushes Sysmon Configs
  ☆91Jun 11, 2021Updated 4 years ago
• ion-storm / sysmon-edr

  View on GitHub
  Sysmon EDR POC Build within Powershell to prove ability.
  ☆226May 1, 2021Updated 5 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• log2timeline / plaso

  View on GitHub
  Super timeline all the things
  ☆2,071May 17, 2026Updated last week
• DefensiveOrigins / APT06202001

  View on GitHub
  Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020
  ☆324Jan 22, 2021Updated 5 years ago
• olafhartong / ATTACKdatamap

  View on GitHub
  A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
  ☆358Nov 3, 2020Updated 5 years ago
• Infocyte / PSHunt

  View on GitHub
  Powershell Threat Hunting Module
  ☆291Sep 21, 2016Updated 9 years ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,757Mar 20, 2024Updated 2 years ago
• EricZimmerman / KapeFiles

  View on GitHub
  This repository serves as a place for community created Targets and Modules for use with KAPE.
  ☆842Apr 29, 2026Updated 3 weeks ago
• Invoke-IR / PowerForensics

  View on GitHub
  PowerForensics provides an all in one platform for live disk forensic analysis
  ☆1,434Nov 16, 2023Updated 2 years ago