blueteam0ps/det-eng-samples external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

blueteam0ps/det-eng-samples

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/blueteam0ps/det-eng-samples)

Close

blueteam0ps / det-eng-samplesView on GitHubMore

• External links
• Readme badge

This repository contains sample log data that were collected after running adversary simulations in Microsoft 365

☆24Oct 9, 2024Updated last year

Alternatives and similar repositories for det-eng-samples

Users that are interested in det-eng-samples are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• alwashali / yaa

  View on GitHub
  yaa - yaml search for humans
  ☆12Dec 8, 2025Updated 5 months ago
• Yamato-Security / suzaku-rules

  View on GitHub
  ☆11May 3, 2026Updated last week
• nturley3 / zeek-kerberos-haters-guide

  View on GitHub
  Kerberos Haters Guide to Zeek Threat Hunting
  ☆34Oct 14, 2021Updated 4 years ago
• dwmetz / Axiom-PowerShell

  View on GitHub
  PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.
  ☆12Aug 26, 2024Updated last year
• libyal / winevt-kb

  View on GitHub
  Windows Event Log Knowledge Base
  ☆33Updated this week
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• invictus-ir / o365_dataset

  View on GitHub
  A dataset containing Office 365 Unified Audit Logs for security research and detection
  ☆59Jun 7, 2022Updated 3 years ago
• mnrkbys / ma2tl

  View on GitHub
  macOS forensic timeline generator using the analysis result DBs of mac_apt
  ☆94Sep 7, 2023Updated 2 years ago
• corelight / zerologon

  View on GitHub
  Zeek package to detect Zerologon
  ☆11Nov 10, 2021Updated 4 years ago
• microsoft / PSRule.Monitor

  View on GitHub
  Log PSRule analysis results to Azure Monitor.
  ☆16Apr 30, 2026Updated last week
• corelight / conn-burst

  View on GitHub
  A Bro package to identify connections that are bursting (lots of data and transferring quickly).
  ☆13Oct 15, 2020Updated 5 years ago
• DCSO / Blog_CyTec

  View on GitHub
  Repository to provide files related to our blog articles.
  ☆16May 26, 2025Updated 11 months ago
• bgrundy / cheatsheets-forensic

  View on GitHub
  Forensic cheatsheets for use with cheat
  ☆15Dec 2, 2021Updated 4 years ago
• ydkhatri / jarp

  View on GitHub
  Just Another broken Registry Parser (JARP)
  ☆16May 23, 2024Updated last year
• iamhunggy / StickyParser

  View on GitHub
  StickyParser - Sticky Notes Forensic. A Windows Sticky Notes Praser (snt and plum.sqlite supported). Additional Feature: SQLite Recovery …
  ☆21Jul 18, 2023Updated 2 years ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• TedDriggs / cti

  View on GitHub
  Cyber threat intelligence crates for Rust
  ☆16Jan 22, 2024Updated 2 years ago
• invictus-ir / Sigma-AWS

  View on GitHub
  This repository contains the research and components of our research into using Sigma for AWS Incident Response.
  ☆31Jul 12, 2023Updated 2 years ago
• hashlookup / private-search-set

  View on GitHub
  Private Search Set (PSS) is an extension to standard Bloom filter or a standalone hash file to describe and share private set.
  ☆16Jan 10, 2025Updated last year
• blueteam0ps / AllthingsTimesketch

  View on GitHub
  This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.
  ☆121Oct 8, 2023Updated 2 years ago
• pkptzx / rawcopy-rs

  View on GitHub
  Primarily aimed at replicating files that cannot be directly copied due to being in use.
  ☆11Apr 22, 2024Updated 2 years ago
• LincolnLandForensics / HodgePodge

  View on GitHub
  /ˈhäjˌpäj/ "a confused mixture."
  ☆15Apr 30, 2026Updated last week
• strozfriedberg / QELP

  View on GitHub
  Quick ESXi Log Parser
  ☆31Oct 20, 2025Updated 6 months ago
• digitalsleuth / winfor-salt

  View on GitHub
  Windows Forensics Salt States
  ☆22Updated this week
• micrictor / spl-spt

  View on GitHub
  Zeek plugin to generate data on per-packet sizes and intervals
  ☆14Apr 21, 2020Updated 6 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• Yamato-Security / suzaku

  View on GitHub
  Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.
  ☆174May 3, 2026Updated last week
• AndrewRathbun / ForensicImageKAPEOutput

  View on GitHub
  A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!
  ☆17Aug 31, 2024Updated last year
• chandrasekarrathinam / infosec

  View on GitHub
  Cyber | Cloud Security Checklist | Incident Response | Policy Template | Use cases
  ☆13Nov 24, 2020Updated 5 years ago
• stark4n6 / SQLiteWalker

  View on GitHub
  Python script to walk a folder or a zip file for SQLite Databases
  ☆37Sep 20, 2023Updated 2 years ago
• satta / gommunityid

  View on GitHub
  Go implementation of the Community ID flow hashing standard
  ☆22Apr 17, 2025Updated last year
• mnrkbys / fjta

  View on GitHub
  FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene…
  ☆109Apr 8, 2026Updated last month
• kev365 / ToolFetcher

  View on GitHub
  A tool for fetching DFIR and other GitHub tools.
  ☆27Aug 2, 2025Updated 9 months ago
• Yamato-Security / hayabusa-sample-evtx

  View on GitHub
  Sample evtx files to use for testing hayabusa detection rules
  ☆64Nov 5, 2025Updated 6 months ago
• Yamato-Security / sigma-to-hayabusa-converter

  View on GitHub
  Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.
  ☆16Oct 22, 2025Updated 6 months ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• google / dfiq

  View on GitHub
  DFIQ is a collection of investigative questions and the approaches for answering them
  ☆308Mar 10, 2026Updated 2 months ago
• northloopforensics / Bitlocker_Key_Finder

  View on GitHub
  Search datasets for Bitlocker recovery files and triage live systems for Bitlocker keys.
  ☆54Jan 26, 2025Updated last year
• dobin / defender2yara

  View on GitHub
  Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB
  ☆24Jun 27, 2025Updated 10 months ago
• mvelazc0 / Invoke-SMBLogin

  View on GitHub
  Validates username & password combination(s) across a host or group of hosts using the SMB protocol.
  ☆15Apr 6, 2020Updated 6 years ago
• net-protect / google-fs-recover

  View on GitHub
  Google Filestream Forensic Tool
  ☆22Mar 10, 2022Updated 4 years ago
• corelight / detect-ransomware-filenames

  View on GitHub
  ☆18Dec 20, 2024Updated last year
• quadrantsec / sagan-rules

  View on GitHub
  ☆36Apr 29, 2026Updated last week