McL0vinn / Windows-Forensic-Examination-and-Threat-Hunting
Various commands, tools and techniques you can use to examine live Windows systems for signs of compromise or for threat hunting. The same collection can be used to create a baseline for your environment, so later snapshots have something to be diffed against. For best results, run the commands from an elevated prompt ("Run as Administrator") in both CMD and PowerShell; several of the artefacts (services, scheduled tasks, other users' processes, raw network state) are incomplete or inaccessible from a non-elevated session.
Stars: 10. Last updated 2 years ago.
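The description above covers both live examination and baselining. The following is an added example written for this page; it is not a script from the McL0vinn repository. It snapshots the artefacts a hunter usually checks first (processes with on-disk hashes and command lines, services, scheduled-task actions, classic autorun locations, listening and established TCP sockets), writes the first run out as a JSON baseline, and on later runs prints what appeared or disappeared. The baseline path `C:\Baseline\host-baseline.json` and the choice of artefacts are assumptions for the illustration; run it from an elevated PowerShell prompt.

```powershell
# Added example (not part of the McL0vinn repository). Assumes an elevated
# PowerShell 5.1+ session on Windows 8/2012 or later (ScheduledTasks and
# NetTCPIP modules). Baseline path is an assumption for this illustration.

function Get-HostSnapshot {
    # Processes: Win32_Process exposes CommandLine, which Get-Process does not.
    # The hash is of the image on disk; an unbacked or deleted image leaves Sha256 empty.
    $procs = Get-CimInstance Win32_Process | ForEach-Object {
        $hash = $null
        if ($_.ExecutablePath -and (Test-Path -LiteralPath $_.ExecutablePath)) {
            $hash = (Get-FileHash -LiteralPath $_.ExecutablePath -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        }
        [pscustomobject]@{ Name = $_.Name; Path = $_.ExecutablePath; CommandLine = $_.CommandLine; Sha256 = $hash }
    }

    # Services: the binary path and start mode are where persistence usually shows up.
    $services = Get-CimInstance Win32_Service | ForEach-Object {
        [pscustomobject]@{ Name = $_.Name; PathName = $_.PathName; StartMode = $_.StartMode }
    }

    # Scheduled tasks flattened to one row per action.
    $tasks = Get-ScheduledTask | ForEach-Object {
        $t = $_
        $t.Actions | ForEach-Object {
            [pscustomobject]@{ Task = "$($t.TaskPath)$($t.TaskName)"; Execute = $_.Execute; Arguments = $_.Arguments }
        }
    }

    # Run keys and Startup folders, as enumerated by Win32_StartupCommand.
    $autoruns = Get-CimInstance Win32_StartupCommand | ForEach-Object {
        [pscustomobject]@{ Name = $_.Name; Command = $_.Command; Location = $_.Location; User = $_.User }
    }

    # Listening and established TCP sockets mapped to the owning process name (PIDs change across reboots).
    $net = Get-NetTCPConnection | Where-Object { $_.State -in 'Listen', 'Established' } | ForEach-Object {
        [pscustomobject]@{
            Local  = "$($_.LocalAddress):$($_.LocalPort)"
            Remote = "$($_.RemoteAddress):$($_.RemotePort)"
            Proc   = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        }
    }

    [pscustomobject]@{
        Host = $env:COMPUTERNAME; Taken = (Get-Date).ToString('o')
        Processes = @($procs); Services = @($services); Tasks = @($tasks); Autoruns = @($autoruns); Network = @($net)
    }
}

function Compare-HostSnapshot {
    param(
        [Parameter(Mandatory)] [string] $BaselinePath,
        [Parameter(Mandatory)] [pscustomobject] $Current
    )
    $base = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json

    # Each artefact set is reduced to a string key that is stable across reboots before diffing.
    $keys = @{
        Processes = { "$($_.Path)|$($_.Sha256)|$($_.CommandLine)" }
        Services  = { "$($_.Name)|$($_.PathName)|$($_.StartMode)" }
        Tasks     = { "$($_.Task)|$($_.Execute) $($_.Arguments)" }
        Autoruns  = { "$($_.Location)|$($_.Name)|$($_.Command)" }
        Network   = { "$($_.Local)|$($_.Remote)|$($_.Proc)" }
    }
    foreach ($set in $keys.Keys) {
        $before = @($base.$set    | ForEach-Object $keys[$set])
        $after  = @($Current.$set | ForEach-Object $keys[$set])
        Compare-Object -ReferenceObject $before -DifferenceObject $after | ForEach-Object {
            [pscustomobject]@{
                Artefact = $set
                Change   = if ($_.SideIndicator -eq '=>') { 'NEW' } else { 'GONE' }
                Item     = $_.InputObject
            }
        }
    }
}

# First run writes the baseline; later runs report deltas against it.
$baseline = 'C:\Baseline\host-baseline.json'   # assumed location
$snap = Get-HostSnapshot
if (-not (Test-Path -LiteralPath $baseline)) {
    New-Item -ItemType Directory -Path (Split-Path $baseline) -Force | Out-Null
    $snap | ConvertTo-Json -Depth 5 | Set-Content -LiteralPath $baseline
    "Baseline written to $baseline"
} else {
    Compare-HostSnapshot -BaselinePath $baseline -Current $snap | Format-Table -AutoSize
}
```

Two caveats worth keeping in mind when reading the output: a "NEW" process row can simply be a patched binary (the path is unchanged, the SHA256 is not), so check the hash against the vendor's before escalating; and because the hash is taken from the image on disk, an injected or reflectively loaded payload leaves no trace here and needs a memory-based check.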
Related projects:
- Winterfell hunt is a python script to perform auto threat hunting for malicious activities in windows OS based on collected data by winte… (☆14, updated 4 years ago)
- Threat Hunt Investigation Methodology and Procedure (☆14, updated 2 years ago)
- IOCPARSER.COM is a fast and reliable service that enables you to extract IOCs and intelligence from different data sources. (☆34, updated 2 years ago)
- An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging. (☆21, updated last year)
- Simple script to help you find all files that have been modified, accessed, and created in a time range. (☆27, updated last year)
- All the useful tools interesting to be used (☆18, updated 2 years ago)
- Creates an ATT&CK Navigator map of an Adversary Emulation Plan (☆16, updated 3 years ago)
- Penguin OS Forensic (or Flight) Recorder (☆37, updated last month)
- This repository gives the best and possible strategies against hunting the ransomware (☆24, updated 2 years ago)
- Assists analysts and threat hunters in understanding Windows authentication logs and analyzing brute-force scenarios. (☆18, updated last year)
- A script to assist in processing forensic RAM captures for malware triage (☆27, updated 3 years ago)
- BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review. (☆32, updated 4 years ago)
- Resource links (video, slides & code) for my conference talks | presentations | workshops (☆11, updated last month)
- Operating System testbed created with Terraform to test payloads, programs and compatibility on different OS versions. Supports AWS and A… (☆18, updated last year)
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. (☆35, updated last year)
- Scripts to threat optics stack quickly / abbreviated and automated. Run after APT-Lab-Terraform (☆12, updated 3 years ago)
- Quick & Dirty DFIR scripts developed by Ebryx DFIR team to keep handy during field assignment (☆14, updated 2 months ago)
- ESXi Cyber Security Incident Response Script (☆19, updated 2 weeks ago)
- Vagrant files to create a VirtualBox VM for malware analysis (☆13, updated 3 years ago)
- The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit. (☆12, updated 4 years ago)
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS. (☆36, updated 5 months ago)
- A collection of Sigma rules organized by MITRE ATT&CK technique (☆15, updated 3 years ago)
- Scripts and One-Liners (☆19, updated 2 months ago)
- Accelerating the collection, processing, analysis and outputting of digital forensic artefacts. (☆29, updated 2 months ago)
- A MITRE ATT&CK Lookup Tool (☆41, updated 4 months ago)
- Threat Hunter's Knowledge Base (☆21, updated 2 years ago)
- PowerShell scripts for running the Magnet RESPONSE forensic collection tool in large enterprises. (☆20, updated 4 months ago)