Data visualization for blue teams
☆126Jan 20, 2023Updated 3 years ago
Alternatives and similar repositories for detectree
Users that are interested in detectree are comparing it to the libraries listed below
Sorting:
- ☆20May 30, 2025Updated 8 months ago
- Evtx Log (xml) Browser☆56Mar 12, 2023Updated 2 years ago
- Analyzing AD domains for security risks related to user accounts☆64Nov 11, 2022Updated 3 years ago
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆45Jan 2, 2022Updated 4 years ago
- A python script developed to process Windows memory images based on triage type.☆266Nov 25, 2023Updated 2 years ago
- Further investigation in to APT campaigns disclosed by private security firms and security agencies☆86Jun 4, 2022Updated 3 years ago
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 5 months ago
- A collection of Script for Red Team & Incidence Response☆11Jun 30, 2022Updated 3 years ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆863Jan 20, 2022Updated 4 years ago
- Cmdlets for capturing Windows Events☆14Mar 11, 2022Updated 3 years ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆785Updated this week
- A wireshark plugin to instrument ETW☆580Jan 28, 2022Updated 4 years ago
- Tool to start processes as SYSTEM using token duplication☆37Oct 27, 2020Updated 5 years ago
- Threat Hunting tool about Sysmon and graphs☆335May 28, 2023Updated 2 years ago
- A repository of Sysmon For Linux configuration modules☆16Oct 14, 2021Updated 4 years ago
- ☆226Sep 8, 2022Updated 3 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆223May 1, 2021Updated 4 years ago
- Collaborative Incident Response platform☆1,396Feb 16, 2026Updated last week
- RPC Monitor tool based on Event Tracing for Windows☆383Aug 19, 2024Updated last year
- WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.☆56Jun 30, 2021Updated 4 years ago
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…☆817Feb 17, 2025Updated last year
- ☆43Oct 11, 2023Updated 2 years ago
- Microsoft Threat Intelligence Security Tools☆1,947Feb 10, 2026Updated 2 weeks ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆208Jul 21, 2022Updated 3 years ago
- ☆252Sep 28, 2023Updated 2 years ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆643Jun 19, 2024Updated last year
- Open source training materials for law-enforcement and organisations interested in DFIR.☆63May 30, 2025Updated 9 months ago
- Rapidly Search and Hunt through Windows Forensic Artefacts☆3,452Feb 14, 2026Updated last week
- Transform Linux Audit logs for SIEM usage☆812Updated this week
- Malkom is an extensible and simple similarity graph generator for malware analysis aimed at helping analysts visualize and cluster sets o…☆17Apr 6, 2023Updated 2 years ago
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…☆253Nov 18, 2024Updated last year
- ☆214Dec 2, 2025Updated 2 months ago
- Windows Events Attack Samples☆2,515Jan 24, 2023Updated 3 years ago
- Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.☆32Nov 23, 2025Updated 3 months ago
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆66Aug 10, 2022Updated 3 years ago
- Public Repo for Atomic Test Harness☆282Apr 8, 2025Updated 10 months ago
- Re-play Security Events☆1,723Mar 20, 2024Updated last year
- Cloud Templates and scripts to deploy mordor environments☆129Mar 3, 2021Updated 4 years ago