Alternatives and similar repositories for det-eng-samples

Users that are interested in det-eng-samples are comparing it to the libraries listed below

• nturley3 / zeek-kerberos-haters-guide

  View on GitHub
  Kerberos Haters Guide to Zeek Threat Hunting
  ☆34Oct 14, 2021Updated 4 years ago
• dwmetz / Axiom-PowerShell

  View on GitHub
  PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.
  ☆12Aug 26, 2024Updated last year
• Yamato-Security / suzaku-rules

  View on GitHub
  ☆11Dec 9, 2025Updated 2 months ago
• invictus-ir / Sigma-AWS

  View on GitHub
  This repository contains the research and components of our research into using Sigma for AWS Incident Response.
  ☆31Jul 12, 2023Updated 2 years ago
• corelight / conn-burst

  View on GitHub
  A Bro package to identify connections that are bursting (lots of data and transferring quickly).
  ☆13Oct 15, 2020Updated 5 years ago
• LincolnLandForensics / HodgePodge

  View on GitHub
  /ˈhäjˌpäj/ "a confused mixture."
  ☆13Updated this week
• alwashali / yaa

  View on GitHub
  yaa - yaml search for humans
  ☆12Dec 8, 2025Updated 2 months ago
• corelight / Dashboards-Splunk-DNS-Hunting-Beaconing

  View on GitHub
  DNS Dashboard for hunting and identifying beaconing
  ☆16Jul 29, 2020Updated 5 years ago
• TedDriggs / cti

  View on GitHub
  Cyber threat intelligence crates for Rust
  ☆16Jan 22, 2024Updated 2 years ago
• RegSeek / regseek.github.io

  View on GitHub
  Vault of Windows Registry forensic artifacts
  ☆26Nov 12, 2025Updated 3 months ago
• DCSO / Blog_CyTec

  View on GitHub
  Repository to provide files related to our blog articles.
  ☆16May 26, 2025Updated 8 months ago
• Center-Sun / suricata-kafka-output

  View on GitHub
  provides a Suricata Eve output for Kafka with Suricate Eve plugin
  ☆15Nov 25, 2021Updated 4 years ago
• stark4n6 / SQLiteWalker

  View on GitHub
  Python script to walk a folder or a zip file for SQLite Databases
  ☆37Sep 20, 2023Updated 2 years ago
• dobin / defender2yara

  View on GitHub
  Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB
  ☆24Jun 27, 2025Updated 7 months ago
• ydkhatri / jarp

  View on GitHub
  Just Another broken Registry Parser (JARP)
  ☆16May 23, 2024Updated last year
• JustinAzoff / gotm

  View on GitHub
  Full packet capture with flow cutoff, rotation, and compression
  ☆15Sep 18, 2018Updated 7 years ago
• iamhunggy / StickyParser

  View on GitHub
  StickyParser - Sticky Notes Forensic. A Windows Sticky Notes Praser (snt and plum.sqlite supported). Additional Feature: SQLite Recovery …
  ☆20Jul 18, 2023Updated 2 years ago
• bgrundy / cheatsheets-forensic

  View on GitHub
  Forensic cheatsheets for use with cheat
  ☆15Dec 2, 2021Updated 4 years ago
• AndrewRathbun / ForensicImageKAPEOutput

  View on GitHub
  A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!
  ☆17Aug 31, 2024Updated last year
• satta / gommunityid

  View on GitHub
  Go implementation of the Community ID flow hashing standard
  ☆21Apr 17, 2025Updated 9 months ago
• hashlookup / private-search-set

  View on GitHub
  Private Search Set (PSS) is an extension to standard Bloom filter or a standalone hash file to describe and share private set.
  ☆16Jan 10, 2025Updated last year
• digitalsleuth / winfor-salt

  View on GitHub
  Windows Forensics Salt States
  ☆20Feb 7, 2026Updated last week
• blueteam0ps / AllthingsTimesketch

  View on GitHub
  This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.
  ☆118Oct 8, 2023Updated 2 years ago
• lacioffi / PDFSanitizer

  View on GitHub
  Renders possibly unsafe PDF files and outputs harmless PDF files
  ☆26Jan 6, 2022Updated 4 years ago
• corelight / detect-ransomware-filenames

  View on GitHub
  ☆18Dec 20, 2024Updated last year
• taktv6 / go-traffic-mon

  View on GitHub
  High resolution traffic measurement tool for Linux written in Go
  ☆19Jul 28, 2019Updated 6 years ago
• Macmod / flashingestor

  View on GitHub
  A TUI for Active Directory collection.
  ☆67Feb 3, 2026Updated last week
• net-protect / google-fs-recover

  View on GitHub
  Google Filestream Forensic Tool
  ☆22Mar 10, 2022Updated 3 years ago
• Kielx / AnyGrabber

  View on GitHub
  Simplify AnyDesk log analysis by effortlessly searching, extracting, and generating reports on IP addresses and login dates.
  ☆18May 31, 2024Updated last year
• mnrkbys / fjta

  View on GitHub
  FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene…
  ☆103Jan 13, 2026Updated last month
• northloopforensics / Bitlocker_Key_Finder

  View on GitHub
  Search datasets for Bitlocker recovery files and triage live systems for Bitlocker keys.
  ☆51Jan 26, 2025Updated last year
• jafarspalace / Crowdstrike-Falcon-Scripts

  View on GitHub
  Powershell Scripts to work on Crowdstrike Falcon that pull back raw data relevant to forensic investigation
  ☆23Dec 18, 2024Updated last year
• acgabbert / IOC-Lens

  View on GitHub
  IOC Lens is an Obsidian plugin for cyber security note taking.
  ☆24Dec 12, 2024Updated last year
• kev365 / ToolFetcher

  View on GitHub
  A tool for fetching DFIR and other GitHub tools.
  ☆25Aug 2, 2025Updated 6 months ago
• Yamato-Security / suzaku

  View on GitHub
  Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.
  ☆167Dec 7, 2025Updated 2 months ago
• strozfriedberg / QELP

  View on GitHub
  Quick ESXi Log Parser
  ☆29Oct 20, 2025Updated 3 months ago
• corelight / pycommunityid

  View on GitHub
  A Python implementation of the Community ID flow hashing standard
  ☆24Nov 29, 2023Updated 2 years ago
• 00010111 / gMetaDataParse

  View on GitHub
  ☆24Mar 12, 2025Updated 11 months ago
• libyal / winevt-kb

  View on GitHub
  Windows Event Log Knowledge Base
  ☆29Dec 23, 2025Updated last month