blueteam0ps/det-eng-samples

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/blueteam0ps/det-eng-samples)

blueteam0ps / det-eng-samples

This repository contains sample log data that were collected after running adversary simulations in Microsoft 365

☆24

Alternatives and similar repositories for det-eng-samples

Users that are interested in det-eng-samples are comparing it to the libraries listed below

Sorting:

dwmetz / Axiom-PowerShell
View on GitHub
PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.
☆12Aug 26, 2024Updated last year
Yamato-Security / suzaku-rules
View on GitHub
☆11Dec 9, 2025Updated 2 months ago
invictus-ir / Sigma-AWS
View on GitHub
This repository contains the research and components of our research into using Sigma for AWS Incident Response.
☆31Jul 12, 2023Updated 2 years ago
corelight / zerologon
View on GitHub
Zeek package to detect Zerologon
☆11Nov 10, 2021Updated 4 years ago
corelight / conn-burst
View on GitHub
A Bro package to identify connections that are bursting (lots of data and transferring quickly).
☆13Oct 15, 2020Updated 5 years ago
invictus-ir / o365_dataset
View on GitHub
A dataset containing Office 365 Unified Audit Logs for security research and detection
☆58Jun 7, 2022Updated 3 years ago
LincolnLandForensics / HodgePodge
View on GitHub
/ˈhäjˌpäj/ "a confused mixture."
☆13Feb 26, 2026Updated last week
alwashali / yaa
View on GitHub
yaa - yaml search for humans
☆12Dec 8, 2025Updated 3 months ago
corelight / Dashboards-Splunk-DNS-Hunting-Beaconing
View on GitHub
DNS Dashboard for hunting and identifying beaconing
☆16Jul 29, 2020Updated 5 years ago
mnrkbys / ma2tl
View on GitHub
macOS forensic timeline generator using the analysis result DBs of mac_apt
☆93Sep 7, 2023Updated 2 years ago
TedDriggs / cti
View on GitHub
Cyber threat intelligence crates for Rust
☆16Jan 22, 2024Updated 2 years ago
DCSO / Blog_CyTec
View on GitHub
Repository to provide files related to our blog articles.
☆16May 26, 2025Updated 9 months ago
stark4n6 / SQLiteWalker
View on GitHub
Python script to walk a folder or a zip file for SQLite Databases
☆37Sep 20, 2023Updated 2 years ago
bgrundy / cheatsheets-forensic
View on GitHub
Forensic cheatsheets for use with cheat
☆15Dec 2, 2021Updated 4 years ago
RegSeek / regseek.github.io
View on GitHub
Vault of Windows Registry forensic artifacts
☆28Nov 12, 2025Updated 3 months ago
dobin / defender2yara
View on GitHub
Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB
☆24Jun 27, 2025Updated 8 months ago
micrictor / spl-spt
View on GitHub
Zeek plugin to generate data on per-packet sizes and intervals
☆14Apr 21, 2020Updated 5 years ago
JustinAzoff / gotm
View on GitHub
Full packet capture with flow cutoff, rotation, and compression
☆15Sep 18, 2018Updated 7 years ago
AndrewRathbun / ForensicImageKAPEOutput
View on GitHub
A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!
☆17Aug 31, 2024Updated last year
ydkhatri / jarp
View on GitHub
Just Another broken Registry Parser (JARP)
☆16May 23, 2024Updated last year
iamhunggy / StickyParser
View on GitHub
StickyParser - Sticky Notes Forensic. A Windows Sticky Notes Praser (snt and plum.sqlite supported). Additional Feature: SQLite Recovery …
☆20Jul 18, 2023Updated 2 years ago
digitalsleuth / winfor-salt
View on GitHub
Windows Forensics Salt States
☆21Updated this week
satta / gommunityid
View on GitHub
Go implementation of the Community ID flow hashing standard
☆21Apr 17, 2025Updated 10 months ago
hashlookup / private-search-set
View on GitHub
Private Search Set (PSS) is an extension to standard Bloom filter or a standalone hash file to describe and share private set.
☆16Jan 10, 2025Updated last year
blueteam0ps / AllthingsTimesketch
View on GitHub
This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.
☆118Oct 8, 2023Updated 2 years ago
taktv6 / go-traffic-mon
View on GitHub
High resolution traffic measurement tool for Linux written in Go
☆19Jul 28, 2019Updated 6 years ago
corelight / detect-ransomware-filenames
View on GitHub
☆18Dec 20, 2024Updated last year
net-protect / google-fs-recover
View on GitHub
Google Filestream Forensic Tool
☆22Mar 10, 2022Updated 3 years ago
Kielx / AnyGrabber
View on GitHub
Simplify AnyDesk log analysis by effortlessly searching, extracting, and generating reports on IP addresses and login dates.
☆18May 31, 2024Updated last year
mnrkbys / fjta
View on GitHub
FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene…
☆103Jan 13, 2026Updated last month
northloopforensics / Bitlocker_Key_Finder
View on GitHub
Search datasets for Bitlocker recovery files and triage live systems for Bitlocker keys.
☆51Jan 26, 2025Updated last year
jafarspalace / Crowdstrike-Falcon-Scripts
View on GitHub
Powershell Scripts to work on Crowdstrike Falcon that pull back raw data relevant to forensic investigation
☆23Dec 18, 2024Updated last year
kev365 / ToolFetcher
View on GitHub
A tool for fetching DFIR and other GitHub tools.
☆25Aug 2, 2025Updated 7 months ago
Yamato-Security / suzaku
View on GitHub
Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.
☆168Dec 7, 2025Updated 3 months ago
corelight / pycommunityid
View on GitHub
A Python implementation of the Community ID flow hashing standard
☆23Nov 29, 2023Updated 2 years ago
00010111 / gMetaDataParse
View on GitHub
☆24Mar 12, 2025Updated 11 months ago
Yamato-Security / hayabusa-sample-evtx
View on GitHub
Sample evtx files to use for testing hayabusa detection rules
☆65Nov 5, 2025Updated 4 months ago
libyal / winevt-kb
View on GitHub
Windows Event Log Knowledge Base
☆31Dec 23, 2025Updated 2 months ago
ruppde / yara_rules
View on GitHub
Yara rules
☆22Mar 27, 2023Updated 2 years ago