Alternatives and similar repositories for dfir-lab

Users that are interested in dfir-lab are comparing it to the libraries listed below

• AhmetPayaslioglu / YaraRules
  ☆22Updated 2 years ago
• stuxnet999 / EventTranscriptParser
  Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
  ☆68Updated 2 years ago
• codeyourweb / irma
  enpoint detection / live analysis & sandbox host / signatures quality test
  ☆44Updated 4 years ago
• 3gbCyber / IR-Last-Write-Time
  Simple Script to Help You Find All Files Has Been Modified, Accessed, and Created In A Range Time.
  ☆27Updated 3 years ago
• binalyze / tigma
  Sigma Engine implementation in TypeScript
  ☆28Updated 2 years ago
• ThreatLabz / iocs
  This repository is for Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports
  ☆79Updated 2 weeks ago
• Tatsuya-hasegawa / MSTICPy_utils
  my MSTICpy practice and custom tools repository
  ☆11Updated 9 months ago
• kdrypr / CTI-Feed-Collector
  Open Source Cyber Threat Intelligence Feed Collector
  ☆17Updated 4 years ago
• jgasmussen / Linux-Baseline-and-Forensic-Triage-Tool
  Linux Baseline and Forensic Triage Tool - BETA
  ☆57Updated 3 years ago
• svch0stz / velociraptor-detections
  ☆22Updated 3 years ago
• svch0stz / TheThreatHuntLibrary
  Library of threat hunts to get any user started!
  ☆48Updated 5 years ago
• invoke-eric / jupyter
  Jupyter Notebooks for Cyber Threat Intelligence
  ☆35Updated 2 years ago
• infinitumitlabs / Karakurt-Hacking-Team-CTI
  IOC Data Obtained From Karakurt Hacking Team's Internal Infrastructure
  ☆34Updated 3 years ago
• curated-intel / attack-lookup
  A MITRE ATT&CK Lookup Tool
  ☆46Updated last year
• gsiddharth29 / Threat-Hunting
  Threat Hunt Investigation Methodology and Procedure
  ☆15Updated 3 years ago
• Beercow / DFIR_Toolbar
  ☆28Updated 3 months ago
• AbdulRhmanAlfaifi / Rhaegal
  Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…
  ☆42Updated 2 years ago
• curated-intel / Threat-Actor-Profile-Guide
  The Threat Actor Profile Guide for CTI Analysts
  ☆116Updated 2 years ago
• DomainTools / DomainCAT
  Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
  ☆46Updated 4 years ago
• NextronSystems / velociraptor-artifacts-thor
  Thor Artifacts for Velociraptor
  ☆19Updated 2 months ago
• ThreatMon / ThreatMon-Daily-C2-Feeds
  IOC Stream and Command and Control Database Containing Command and Control (C2) Servers Detected Daily by ThreatMon.
  ☆69Updated 2 years ago
• mattreduce / cti-self-study
  Track progress and keep notes while working through likethecoins' CTI Self Study Plan
  ☆29Updated 3 years ago
• AndrewRathbun / SANSGoldPaperResearch_FOR500_Rathbun
  A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.
  ☆27Updated 3 years ago
• ADEOSec / Digital-Forensic-Training
  The Chupacabra case study was created by the ADEO dfir team due to the lack of resources and applications in the digital forensics field.…
  ☆23Updated 3 years ago
• MALWARE-ATLAS / ATLAS
  ATLAS - Malware Analysis Description
  ☆21Updated 2 years ago
• montysecurity / InfraHunter
  Actively hunt for attacker infrastructure by filtering Shodan results with URLScan data.
  ☆63Updated last year
• hpthreatresearch / tools
  Scripts and tools accompanying HP Threat Research blog posts and reports.
  ☆50Updated last year
• curated-intel / MOVEit-Transfer
  A repository for tracking events related to the MOVEit Transfer Cl0p Campaign
  ☆71Updated 2 years ago
• BinaryDefense / YaraMemoryScanner
  Simple PowerShell script to enable process scanning with Yara.
  ☆98Updated 3 years ago
• Sam0x90 / CB-Threat-Hunting
  CarbonBlack EDR detection rules and response actions
  ☆73Updated last year