Alternatives and similar repositories for dfir-lab

Users that are interested in dfir-lab are comparing it to the libraries listed below

• AhmetPayaslioglu / YaraRules
  ☆21Updated 2 years ago
• codeyourweb / irma
  enpoint detection / live analysis & sandbox host / signatures quality test
  ☆44Updated 4 years ago
• binalyze / tigma
  Sigma Engine implementation in TypeScript
  ☆28Updated 2 years ago
• invoke-eric / jupyter
  Jupyter Notebooks for Cyber Threat Intelligence
  ☆35Updated 2 years ago
• Tatsuya-hasegawa / MSTICPy_utils
  my MSTICpy practice and custom tools repository
  ☆11Updated 7 months ago
• Velocidex / SQLiteHunter
  Hunt for SQLite files used by various applications
  ☆27Updated last month
• MALWARE-ATLAS / ATLAS
  ATLAS - Malware Analysis Description
  ☆21Updated 2 years ago
• BinaryDefense / YaraMemoryScanner
  Simple PowerShell script to enable process scanning with Yara.
  ☆96Updated 3 years ago
• NextronSystems / evtx-baseline
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆84Updated 2 months ago
• ThreatLabz / iocs
  This repository is for Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports
  ☆75Updated 4 months ago
• svch0stz / velociraptor-detections
  ☆22Updated 2 years ago
• curated-intel / MOVEit-Transfer
  A repository for tracking events related to the MOVEit Transfer Cl0p Campaign
  ☆71Updated 2 years ago
• svch0stz / TheThreatHuntLibrary
  Library of threat hunts to get any user started!
  ☆46Updated 5 years ago
• r00tten / VTI-Cosplay
  Low budget VirusTotal Intelligence Cosplay
  ☆20Updated 3 years ago
• yarox24 / EvtxHussar
  Initial triage of Windows Event logs
  ☆104Updated last year
• jstrosch / subcrawl
  SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w…
  ☆54Updated last year
• alwashali / detection-validation
  Detection rule validation
  ☆40Updated 2 years ago
• DomainTools / DomainCAT
  Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
  ☆45Updated 4 years ago
• MalGamy / YARA_Rules
  ☆67Updated 2 years ago
• rapid7 / Rapid7-Labs
  Rapid7 Labs operates as the division of Rapid7 focused on threat research. It is renowned for providing comprehensive threat intelligence…
  ☆73Updated 6 months ago
• stuxnet999 / EventTranscriptParser
  Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
  ☆67Updated 2 years ago
• joeavanzato / crackdown
  Helping Incident Responders hunt for potential persistence mechanisms on UNIX-based systems.
  ☆17Updated 2 years ago
• DCScoder / ESXiTri
  ESXi Cyber Security Incident Response Script
  ☆25Updated last year
• ashemery / WindowsDFIR
  Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…
  ☆78Updated 4 years ago
• hpthreatresearch / tools
  Scripts and tools accompanying HP Threat Research blog posts and reports.
  ☆50Updated last year
• Beercow / DFIR_Toolbar
  ☆27Updated last month
• jgasmussen / Linux-Baseline-and-Forensic-Triage-Tool
  Linux Baseline and Forensic Triage Tool - BETA
  ☆57Updated 3 years ago
• humpalum / vscode-sigma
  ☆17Updated last month
• NexusFuzzy / raccoon_config
  Scans a list of raccoon servers from Tria.ge and extracts the config
  ☆15Updated 2 years ago
• c2links / NoWhere2Hide
  C2 Active Scanner
  ☆60Updated last year