McL0vinn/Windows-Forensic-Examination-and-Threat-Hunting external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

McL0vinn/Windows-Forensic-Examination-and-Threat-Hunting

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/McL0vinn/Windows-Forensic-Examination-and-Threat-Hunting)

Close

McL0vinn / Windows-Forensic-Examination-and-Threat-HuntingView on GitHubMore

• External links
• Readme badge

Various commands, tools, techniques that you can use to examine live Windows systems for signs of Compromise or for Threat Hunting.Can also be used to create a baseline for your environment.For the bests results "Run as Administrator" through CMD and Powershell.

☆15Aug 15, 2022Updated 3 years ago

Alternatives and similar repositories for Windows-Forensic-Examination-and-Threat-Hunting

Users that are interested in Windows-Forensic-Examination-and-Threat-Hunting are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• securycore / ThreatHunting

  View on GitHub
  Powershell collection designed to assist in Threat Hunting Windows systems.
  ☆27Apr 13, 2018Updated 7 years ago
• oguzpamuk / HuntingWithPowershell

  View on GitHub
  Windows log and threat hunting with powershell
  ☆16Dec 11, 2020Updated 5 years ago
• ItzHerbie / KQL

  View on GitHub
  Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
  ☆16Mar 13, 2026Updated last week
• WesSec / VelociDeploy-o-Matic

  View on GitHub
  Scripts to for ready-to-use Velociraptor instance deployment in Azure
  ☆14Jun 27, 2023Updated 2 years ago
• eremit4 / cs-discovery

  View on GitHub
  Detecting Cobalt Strike Team Servers on targets through traffic telemetry.
  ☆22Aug 13, 2024Updated last year
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• stvemillertime / RonnieColemanYARAParser

  View on GitHub
  An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.
  ☆21Nov 13, 2022Updated 3 years ago
• eshlomo1 / Azure-AD-Incident-Response

  View on GitHub
  Azure AD Incident Response
  ☆27Oct 8, 2021Updated 4 years ago
• zulu8 / Get-Baseline

  View on GitHub
  PowerShell Script for Agentless Incident Response
  ☆25Apr 5, 2018Updated 7 years ago
• nogoodconfig / pyarascanner

  View on GitHub
  A simple many-rules to many-files YARA scanner for incident response or malware zoos.
  ☆27Jun 3, 2018Updated 7 years ago
• Purp1eW0lf / quickforensics

  View on GitHub
  ☆33Dec 4, 2022Updated 3 years ago
• wortell / log4j

  View on GitHub
  Repo containing all info, scripts, etc. related to CVE-2021-44228
  ☆10Dec 29, 2021Updated 4 years ago
• 0xxon / zeek-tls-log-alternative

  View on GitHub
  Zeek scripts that provide an alternative log file logging TLS/SSL traffic
  ☆12May 4, 2021Updated 4 years ago
• KPN-CISO / certificate-inventory

  View on GitHub
  Scanner which is capable of scanning multiple hosts or multiple subnets on an SSL port and output a CSV file with the certificate details…
  ☆14Nov 29, 2013Updated 12 years ago
• marietheresa / improved-lamp

  View on GitHub
  Repository for my GitHub Universe 2023 session SEC1808M
  ☆10Nov 8, 2023Updated 2 years ago
• NordVPN Special Discount Offer • Ad
  Save on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
• blueteam0ps / memOptix

  View on GitHub
  A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.
  ☆97May 28, 2023Updated 2 years ago
• Dump-GUY / CAPA_JsonConver

  View on GitHub
  Converts exported results of CAPA tool from .json format to another formats supporting by different tools.
  ☆22Feb 15, 2022Updated 4 years ago
• Vyiel / RedTeamPets

  View on GitHub
  A collection of handy and specific tools for the Red Teamer
  ☆11Aug 13, 2024Updated last year
• Inndy / idapython-cheatsheet

  View on GitHub
  scripting IDA like a Pro
  ☆24Oct 27, 2020Updated 5 years ago
• mthcht / Purpleteam

  View on GitHub
  Purpleteam scripts simulation & Detection - trigger events for SOC detections
  ☆196Dec 20, 2024Updated last year
• LouisBrunner / ha-proton-drive

  View on GitHub
  Proton Drive integration for Home Assistant (compatible with HACS)
  ☆20Mar 18, 2026Updated last week
• kuhumcst / tf-idf

  View on GitHub
  A reasonably performant TF-IDF implementation.
  ☆12Nov 20, 2022Updated 3 years ago
• ruppde / yara_rules

  View on GitHub
  Yara rules
  ☆22Mar 27, 2023Updated 2 years ago
• infinite-omicron / pentesting-checklist

  View on GitHub
  Penetration Testing Checklist
  ☆37May 14, 2020Updated 5 years ago
• NordVPN Special Discount Offer • Ad
  Save on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
• hackjalstead / IRCP

  View on GitHub
  A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments
  ☆65Jan 31, 2022Updated 4 years ago
• andreafortuna / malhunt

  View on GitHub
  Hunt malware with Volatility
  ☆49Mar 3, 2026Updated 3 weeks ago
• op7ic / Cloud-Investigate

  View on GitHub
  A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.
  ☆38Mar 25, 2024Updated 2 years ago
• philhagen / for572-scripts

  View on GitHub
  A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis
  ☆28Aug 6, 2025Updated 7 months ago
• gsiddharth29 / Threat-Hunting

  View on GitHub
  Threat Hunt Investigation Methodology and Procedure
  ☆15Jul 11, 2022Updated 3 years ago
• olafhartong / sysmon-parser

  View on GitHub
  Automatically generated Sysmon parser for Azure Sentinel
  ☆18Jan 6, 2026Updated 2 months ago
• tomskra / HA-SmartThings-Find

  View on GitHub
  Home Assisstant custom integration to provide data from Samsung SmartThings Find, such as SmartTag locations
  ☆31Jun 11, 2025Updated 9 months ago
• amrandazz / cloud-threat-detection

  View on GitHub
  Cloud threat detection visualization from excalidraw
  ☆12Apr 25, 2022Updated 3 years ago
• guerilla7 / CyberMoE

  View on GitHub
  A Mixture‑of‑Experts Educational Framework for Adaptive Cybersecurity
  ☆22Feb 8, 2026Updated last month
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• OTRF / SANS-BlueTeamSummit-2022

  View on GitHub
  Repo to track SANS BlueTeam Summit Presentation
  ☆23Oct 4, 2022Updated 3 years ago
• ch33r10 / DEFCON29-BTV-ThreatReportRoulette

  View on GitHub
  Learn how to get more out of publicly available threat reports to help improve the security posture of your organization! TLP: White Thre…
  ☆15Jun 5, 2023Updated 2 years ago
• y3n11 / Captain

  View on GitHub
  Userland API monitor for threat hunting
  ☆58Mar 4, 2020Updated 6 years ago
• kaze-technologies / cvefree

  View on GitHub
  Kaze's openly available CVE vulnerability data.
  ☆16Apr 7, 2025Updated 11 months ago
• kkredit / smart-home-threat-model

  View on GitHub
  A small threat model for a smart home
  ☆18Oct 8, 2019Updated 6 years ago
• a-rey / CISCO_configs

  View on GitHub
  CISCO configuration guides
  ☆14Feb 16, 2020Updated 6 years ago
• gquere / WindowsPentestCommands

  View on GitHub
  Commands used in Windows penetration tests
  ☆56Jan 19, 2026Updated 2 months ago