OWNsecurity / GWForensicLinks
DFIR project to collect and analyze events in Google Workspace
☆13Updated last year
Alternatives and similar repositories for GWForensic
Users that are interested in GWForensic are comparing it to the libraries listed below
Sorting:
- Repository for sharing examples of our artifacts data and for use in new analyst recruitment.☆108Updated 9 months ago
- A collection of CVEs weaponized by ransomware operators☆129Updated 3 months ago
- A repository to share publicly available Velociraptor detection content☆194Updated last week
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac…☆151Updated last year
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene…☆103Updated 2 weeks ago
- A repository to store community malware research notes and findings.☆15Updated last month
- A collection of methods to learn who the owner of an IP address is.☆224Updated 4 months ago
- A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com…☆180Updated 8 months ago
- A repository of credential stealer formats☆239Updated 7 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆89Updated 11 months ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und…☆126Updated last year
- R3D SSH Hunter: The Ultimate SSH Key and Bad Guy Tracker☆12Updated last year
- Parses USB connection artifacts from offline Registry hives☆106Updated 7 months ago
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. T…☆143Updated last month
- Active C&C Detector☆155Updated 2 years ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.☆162Updated 9 months ago
- Rules shared by the community from 100 Days of YARA 2024☆88Updated last year
- Windows Malware Investigation Scripts & Docs☆85Updated last year
- A Windows Event Log MCP☆39Updated 5 months ago
- LotL RMM☆286Updated last week
- A collection of tools, scripts and personal research☆155Updated last month
- A specification and style guide for YARA rules☆66Updated last year
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners☆115Updated last year
- An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.☆201Updated last year
- CarbonBlack EDR detection rules and response actions☆73Updated last year
- An introduction to detection engineering☆13Updated last year
- VeilTransfer is a data exfiltration utility designed to test and enhance the detection capabilities. This tool simulates real-world data …☆153Updated last month
- Tools for Incident Response and Malware Analysis☆11Updated 11 months ago
- A list of RMMs designed to be used in automation to build alerts☆117Updated 2 months ago
- Harness the power of Splunk for your investigations☆148Updated 3 months ago