bfuzzy / ThreatHunter-PlaybookView external linksLinks
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
☆14Jul 18, 2018Updated 7 years ago
Alternatives and similar repositories for ThreatHunter-Playbook
Users that are interested in ThreatHunter-Playbook are comparing it to the libraries listed below
Sorting:
- Duo MFA auditing tool to test users' likelihood of approving unexpected push notifications☆13Apr 20, 2018Updated 7 years ago
- Cli interface to threatcrowd.org☆20Jul 6, 2017Updated 8 years ago
- An updated C# port of X-Ways X-Tensions API.☆11Mar 12, 2018Updated 7 years ago
- Server for receiving autorun data from the clients☆13Sep 26, 2017Updated 8 years ago
- My attempts at making life with VMware that little bit easier.☆11Aug 7, 2023Updated 2 years ago
- Fetching data from system☆12Jun 18, 2017Updated 8 years ago
- Python 3 library to build YARA rules.☆13Oct 24, 2021Updated 4 years ago
- A Zeek package that detects Zoom logins and meeting joins☆12Apr 15, 2020Updated 5 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- Sysmon config for both Windows and Linux Devices. Windows one is a bit dated☆55Jul 10, 2024Updated last year
- Small scripts and POCs related to digital forensics☆18Nov 1, 2022Updated 3 years ago
- ☆15Nov 11, 2015Updated 10 years ago
- The Multiplatform Linux Sandbox☆16Dec 19, 2023Updated 2 years ago
- Fast multipattern regular expression searching for digital forensics☆18Jul 31, 2019Updated 6 years ago
- Package for building command line apps in Go☆17Oct 26, 2018Updated 7 years ago
- Carve $MFT records from a chunk of data (for instance a memory dump)☆16Aug 21, 2016Updated 9 years ago
- Registry Miner☆14Apr 10, 2018Updated 7 years ago
- Get USB Devices from Registry hives☆22Nov 15, 2021Updated 4 years ago
- A Python library for being a CND Batman....☆35Oct 29, 2015Updated 10 years ago
- ☆51Apr 13, 2020Updated 5 years ago
- ☆18Apr 4, 2019Updated 6 years ago
- Some IR notes☆73Jul 23, 2016Updated 9 years ago
- MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.☆20Feb 20, 2020Updated 5 years ago
- Manage Your Large Team of Consultants☆11Sep 18, 2025Updated 4 months ago
- [DEPRECATED] A quickstart demo for Kolide tools☆52May 29, 2018Updated 7 years ago
- A python module for orchestrating content acquisitions and analysis via amazon ssm.☆58Nov 2, 2023Updated 2 years ago
- Queries to parse sysmon event log file with microsoft logparser☆58Mar 31, 2015Updated 10 years ago
- Windows Event Log Knowledge Base☆29Dec 23, 2025Updated last month
- Binary commandline executable to parse ETL files☆69Jun 7, 2018Updated 7 years ago
- Monitor the textual data pasted into Windows clipboard☆29Nov 4, 2018Updated 7 years ago
- Python unbup script for McAfee .bup files (with some additional fun features). This script is fully implemented in python it's not just a…☆37Apr 24, 2018Updated 7 years ago
- Assorted classes and methods for indexing reports and retrieving information from an elastic index☆21Jul 5, 2016Updated 9 years ago
- Configuration security audit framework☆21Apr 27, 2016Updated 9 years ago
- onigiri - remote malware triage script☆24Nov 5, 2015Updated 10 years ago
- Extract common Windows artifacts from source images and VSCs☆64May 10, 2021Updated 4 years ago
- References for FIRST CTI 2019 Symposium presentation☆23Mar 19, 2019Updated 6 years ago
- Windows registry samples☆24Nov 18, 2018Updated 7 years ago
- A tool to speed up the process of doing the same simple IP/Domain Name lookups over and over again.☆66Dec 12, 2018Updated 7 years ago
- Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing☆177Mar 23, 2021Updated 4 years ago