StevenD33 / Lab-DFIR-SOCLinks
☆68Updated 4 years ago
Alternatives and similar repositories for Lab-DFIR-SOC
Users that are interested in Lab-DFIR-SOC are comparing it to the libraries listed below
Sorting:
- Lupo - Malware IOC Extractor. Debugging module for Malware Analysis Automation☆105Updated 3 years ago
- IOC Collection 2022☆57Updated 2 years ago
- This repo is where I store my Threat Hunting ideas/content☆88Updated 2 years ago
- Blueteam operational triage registry hunting/forensic tool.☆149Updated 2 years ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆169Updated 2 years ago
- ☆96Updated 3 months ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆155Updated 3 years ago
- Further investigation in to APT campaigns disclosed by private security firms and security agencies☆86Updated 3 years ago
- A Python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments.☆135Updated last year
- A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments☆65Updated 3 years ago
- Simple Script to Help You Find All Files Has Been Modified, Accessed, and Created In A Range Time.☆27Updated 2 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆204Updated 3 years ago
- Simple PowerShell script to enable process scanning with Yara.☆97Updated 2 years ago
- A GUI to query the API of abuse.ch.☆70Updated 3 years ago
- Carbon Black Response IR tool☆54Updated 4 years ago
- Placeholder for my detection repo and misc detection engineering content☆42Updated last year
- Library of threat hunts to get any user started!☆45Updated 4 years ago
- Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…☆78Updated 4 years ago
- Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].☆157Updated 2 years ago
- A visualized overview of the Initial Access Broker (IAB) cybercrime landscape☆114Updated 3 years ago
- ☆69Updated 6 months ago
- Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups☆60Updated 2 years ago
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆97Updated 2 years ago
- Initial triage of Windows Event logs☆102Updated last year
- Active C2 IoCs☆99Updated 2 years ago
- Notes and IoCs of fresh malware☆59Updated last year
- Linux Evidence Acquisition Framework☆119Updated 10 months ago
- This repository contains analysis scripts, YARA rules, and additional IoCs related to our Telekom Security blog posts.☆116Updated last year
- ☆43Updated last month
- ☆33Updated last year