McL0vinn / Windows-Forensic-Examination-and-Threat-Hunting
Various commands, tools, and techniques that you can use to examine live Windows systems for signs of compromise or for threat hunting. Can also be used to create a baseline for your environment. For the best results, "Run as Administrator" through CMD and PowerShell.
☆14, Aug 15, 2022, updated 3 years ago
Alternatives and similar repositories for Windows-Forensic-Examination-and-Threat-Hunting
Users that are interested in Windows-Forensic-Examination-and-Threat-Hunting are comparing it to the libraries listed below
- Detection rules and threat hunting queries in Defender XDR and Azure Sentinel (☆16, updated this week)
- Scripts for ready-to-use Velociraptor instance deployment in Azure (☆14, Jun 27, 2023, updated 2 years ago)
- PowerShell collection designed to assist in threat hunting on Windows systems (☆27, Apr 13, 2018, updated 7 years ago)
- Windows log and threat hunting with PowerShell (☆16, Dec 11, 2020, updated 5 years ago)
- An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging (☆21, Nov 13, 2022, updated 3 years ago)
- Repo to track SANS BlueTeam Summit presentation (☆23, Oct 4, 2022, updated 3 years ago)
- Scripting IDA like a pro (☆24, Oct 27, 2020, updated 5 years ago)
- Detecting Cobalt Strike team servers on targets through traffic telemetry (☆22, Aug 13, 2024, updated last year)
- Azure AD incident response (☆27, Oct 8, 2021, updated 4 years ago)
- Converts exported results of the CAPA tool from .json format to other formats supported by different tools (☆22, Feb 15, 2022, updated 4 years ago)
- A Jupyter notebook to assist with the analysis of the output generated by the Volatility memory extraction framework (☆97, May 28, 2023, updated 2 years ago)
- PowerShell script for agentless incident response (☆25, Apr 5, 2018, updated 7 years ago)
- YARA rules (☆22, Mar 27, 2023, updated 2 years ago)
- A simple many-rules-to-many-files YARA scanner for incident response or malware zoos (☆27, Jun 3, 2018, updated 7 years ago)
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis (☆28, Aug 6, 2025, updated 6 months ago)
- Userland API monitor for threat hunting (☆58, Mar 4, 2020, updated 5 years ago)
- Purple team simulation and detection scripts that trigger events for SOC detections (☆192, Dec 20, 2024, updated last year)
- PowerShell scripts for running the Magnet RESPONSE forensic collection tool in large enterprises (☆30, Jan 9, 2025, updated last year)
- A series of PowerShell scripts to automate collection of forensic artefacts in most incident response environments (☆65, Jan 31, 2022, updated 4 years ago)
- ☆33, Dec 4, 2022, updated 3 years ago
- Repository for different Windows DFIR related CMDs, PowerShell cmdlets, etc., plus workshops that I did for different conferences or event… (☆77, Jul 13, 2021, updated 4 years ago)
- A sensor to retrieve information about upcoming tides (☆12, Jan 27, 2026, updated 3 weeks ago)
- TAXII 2.0 server implemented in Node.js with a MongoDB backend (☆12, Jan 3, 2023, updated 3 years ago)
- Zeek scripts that provide an alternative log file for logging TLS/SSL traffic (☆12, May 4, 2021, updated 4 years ago)
- Offline amnesic live Linux distribution (☆14, Mar 8, 2025, updated 11 months ago)
- A simple command-line program developed using Python 3 to make GNU Privacy Guard easy to use for beginners (☆10, Jan 1, 2025, updated last year)
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS (☆40, Mar 25, 2024, updated last year)
- Proton Drive integration for Home Assistant (compatible with HACS) (☆19, updated this week)
- Ransomware script based on AES-CBC (Fernet token) and RSA (PKCS1-OAEP) cryptosystems (☆15, Dec 3, 2022, updated 3 years ago)
- Website that recognizes and extracts information from Vietnamese national ID cards (Chứng Minh Nhân Dân) (☆11, Oct 6, 2022, updated 3 years ago)
- This training covers the very basic steps of malware analysis, using several free tools to recognize malware behavior. Si… (☆12, May 25, 2016, updated 9 years ago)
- Pentesting and red teaming reports (☆11, May 25, 2023, updated 2 years ago)
- Repository for my GitHub Universe 2023 session SEC1808M (☆10, Nov 8, 2023, updated 2 years ago)
- Library for extracting fields from Sigtran TCAP/INAP messages (☆11, Feb 5, 2026, updated last week)
- Demo of integrating the MoMo payment gateway SDK (☆12, Jan 5, 2022, updated 4 years ago)
- Lazy SPL to detect Spring4Shell exploitation (☆12, Jul 8, 2022, updated 3 years ago)
- Algorithm implementations and theory summaries for cryptography - fit@hcmus (☆16, May 24, 2022, updated 3 years ago)
- Repository resource for threat hunters (☆158, Sep 14, 2018, updated 7 years ago)
- Library of threat hunts to get any user started! (☆48, Sep 4, 2020, updated 5 years ago)