StevenD33 / Lab-DFIR-SOC

Related projects ⓘ

Alternatives and complementary repositories for Lab-DFIR-SOC

• pr0xylife / Emotet
  IOC Collection 2022
  ☆55Updated last year
• hackjalstead / IRCP
  A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments
  ☆64Updated 2 years ago
• malienist / lupo
  Lupo - Malware IOC Extractor. Debugging module for Malware Analysis Automation
  ☆104Updated 2 years ago
• paladin316 / ThreatHunting
  This repo is where I store my Threat Hunting ideas/content
  ☆85Updated last year
• BinaryDefense / YaraMemoryScanner
  Simple PowerShell script to enable process scanning with Yara.
  ☆90Updated 2 years ago
• theflakes / reg_hunter
  Blueteam operational triage registry hunting/forensic tool.
  ☆142Updated last year
• TH3xACE / EDR-Test
  Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].
  ☆146Updated last year
• darkoperator / Veil-PowerView
  Veil-PowerView is a powershell tool to gain network situational awareness on Windows domains.
  ☆52Updated 9 years ago
• mthcht / ThreatHunting-Keywords-yara-rules
  yara detection rules for hunting with the threathunting-keywords project
  ☆87Updated this week
• CronUp / Malware-IOCs
  ☆96Updated 3 weeks ago
• MazX0p / ThreatHound
  ☆155Updated 11 months ago
• center-for-threat-informed-defense / attack-powered-suit
  ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte…
  ☆72Updated 2 weeks ago
• mlgualtieri / PurpleTeamSummit
  ☆25Updated 3 years ago
• CrowdStrike / xwf-yara-scanner
  ☆85Updated 9 months ago
• Qazeer / FarsightAD
  PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …
  ☆93Updated last year
• BushidoUK / Exploring-APT-campaigns
  Further investigation in to APT campaigns disclosed by private security firms and security agencies
  ☆81Updated 2 years ago
• The-DFIR-Report / Yara-Rules
  ☆61Updated last month
• splunk / melting-cobalt
  A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
  ☆164Updated 2 years ago
• NVISOsecurity / evtx-hunter
  evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
  ☆147Updated 2 years ago
• ssnkhan / adversarial-threat-modelling
  Supporting materials for my "Intelligence-Led Adversarial Threat Modelling with VECTR" workshop
  ☆56Updated last week
• 3gbCyber / IR-Last-Write-Time
  Simple Script to Help You Find All Files Has Been Modified, Accessed, and Created In A Range Time.
  ☆27Updated last year
• curated-intel / Initial-Access-Broker-Landscape
  A visualized overview of the Initial Access Broker (IAB) cybercrime landscape
  ☆108Updated 3 years ago
• BushidoUK / Abused-Legitimate-Services
  Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups
  ☆57Updated 2 years ago
• mthcht / ThreatHunting-Keywords-sigma-rules
  Sigma detection rules for hunting with the threathunting-keywords project
  ☆47Updated 2 weeks ago
• nasbench / C2-Matrix-Indicators
  This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix
  ☆72Updated 2 years ago
• QueenSquishy / plague
  Default Detections for EDR
  ☆94Updated 9 months ago
• swisscom / Invoke-Forensics
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆109Updated 11 months ago
• op7ic / BlueTeam.Lab
  Blue Team detection lab created with Terraform and Ansible in Azure.
  ☆143Updated this week
• MHaggis / notes
  Full of public notes and Utilities
  ☆86Updated this week
• pr0xylife / IcedID
  ☆34Updated 11 months ago