YossiSassi / hAcKtive-Directory-Forensics

Related projects ⓘ

Alternatives and complementary repositories for hAcKtive-Directory-Forensics

• jischell-msft / RemoteManagementMonitoringTools
  Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
  ☆78Updated 3 months ago
• DefensiveOrigins / DO-LAB
  ☆43Updated 3 weeks ago
• LaresLLC / SysmonConfigPusher
  Pushes Sysmon Configs
  ☆89Updated 3 years ago
• NextronSystems / nextron-helper-scripts
  Public tools, scripts or code snippets that can help when working with our products
  ☆46Updated 2 months ago
• MHaggis / notes
  Full of public notes and Utilities
  ☆82Updated 2 months ago
• swisscom / Invoke-Forensics
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆109Updated 11 months ago
• reprise99 / 4688-sysmon
  ☆48Updated last year
• mvelazc0 / PurpleTeamPlaybook
  Active Directory Purple Team Playbook
  ☆104Updated last year
• nov3mb3r / trident
  A PowerShell incident response script for quick triage
  ☆75Updated 2 years ago
• humio / security_monitoring
  ☆40Updated last year
• hackjalstead / IRCP
  A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments
  ☆64Updated 2 years ago
• olafhartong / WDACme
  A WDAC configuration repository with the sole intention of enriching MDE
  ☆27Updated last year
• invictus-ir / Blue-team-app-Office-365-and-Azure
  ☆70Updated 2 weeks ago
• PlumHound / PlumHound-Tasks
  Community Tasks/Plans for PlumHound Queueing
  ☆23Updated last year
• paladin316 / ThreatHunting
  This repo is where I store my Threat Hunting ideas/content
  ☆85Updated last year
• magicsword-io / LOLBASline
  Baseline a Windows System against LOLBAS
  ☆24Updated 6 months ago
• olafhartong / DefenderHarvester
  Expose a lot of MDE telemetry that is not easily accessible in any searchable form
  ☆99Updated 3 months ago
• secgroundzero / KQL_Reference_Manual
  ☆40Updated 3 years ago
• NextronSystems / evtx-baseline
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆68Updated 11 months ago
• csababarta / memory-baseliner
  Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…
  ☆49Updated last year
• Squiblydoo / certReport
  A tool to support the reporting of Authenticode Certificates by reducing the effort on individuals to report.
  ☆27Updated last month
• dwmetz / QuickPcap
  A quick and easy PowerShell script to collect a packet trace with option to convert .etl to .pcap.
  ☆40Updated 2 years ago
• securityjoes / Crowdstrike-Deploy
  The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.
  ☆22Updated 2 months ago
• evild3ad / Get-MiniTimeline
  Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE
  ☆26Updated 5 months ago
• nmantani / PS-TrustedDocuments
  PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office
  ☆34Updated last year
• Ruler-Project / ruler-project
  Remote access and Antivirus Logging Database
  ☆41Updated 6 months ago
• rj-chap / BaselineTraining
  Notes from my "Implementing a Kick-Butt Training Program: Blue Team GO!" talk
  ☆12Updated 5 years ago
• CyberDefend3r / PowerShell-Deobfuscation-Exercise
  An exercise to practice deobfuscating PowerShell Scripts.
  ☆28Updated last year
• Bert-JanP / Domain-Response
  Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specificly designed to autom…
  ☆44Updated 7 months ago
• mr-r3b00t / KQL
  This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet
  ☆10Updated last year