A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (where did you come from, where did you go) in security incidents and threat hunts.
☆184 · Apr 17, 2026 · Updated 2 months ago
Alternatives and similar repositories for Blauhaunt
Users that are interested in Blauhaunt are comparing it to the libraries listed below.
- ShellSweeping the evil. ☆183 · Nov 25, 2024 · Updated last year
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆631 · Jun 3, 2026 · Updated 2 weeks ago
- A centralized and enhanced memory analysis platform ☆526 · Mar 20, 2026 · Updated 2 months ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… ☆260 · Nov 24, 2023 · Updated 2 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction ☆91 · Mar 11, 2026 · Updated 3 months ago
- DFIQ is a collection of investigative questions and the approaches for answering them ☆309 · Mar 10, 2026 · Updated 3 months ago
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them ☆34 · Jun 27, 2025 · Updated 11 months ago
- Documentation and scripts to properly enable Windows event logs. ☆706 · Oct 3, 2025 · Updated 8 months ago
- This repository is meant to catalog network and host artifacts associated with various EDR products' "shell" and response functionalities. ☆94 · Aug 30, 2024 · Updated last year
- Modular web-application honeypot platform built using Go and Gin ☆63 · May 8, 2024 · Updated 2 years ago
- MDE relies on some of the audit settings being enabled ☆101 · Jul 15, 2022 · Updated 3 years ago
- Live feed of C2 servers, tools, and botnets ☆773 · Apr 13, 2026 · Updated 2 months ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon event logs for testing the EDR detection… ☆867 · Jan 20, 2022 · Updated 4 years ago
- A repository to share publicly available Velociraptor detection content ☆203 · Updated this week
- Project based on RegRipper, to extract additional value/pivot points from TLN events file ☆89 · Feb 9, 2025 · Updated last year
- Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs. ☆3,201 · Jun 7, 2026 · Updated last week
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de… ☆821 · Apr 18, 2026 · Updated 2 months ago
- Awesome list of keywords and artifacts for threat hunting sessions ☆659 · Aug 4, 2025 · Updated 10 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆153 · May 3, 2024 · Updated 2 years ago
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It … ☆1,378 · May 28, 2026 · Updated 3 weeks ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifa… ☆656 · May 11, 2026 · Updated last month
- A preconfigured Velociraptor triage collector ☆77 · Jun 4, 2026 · Updated 2 weeks ago
- Initial access and post-exploitation tool for Entra ID and M365 with a browser-based GUI ☆1,306 · Jun 9, 2026 · Updated last week
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur… ☆174 · Mar 11, 2026 · Updated 3 months ago
- A standalone Sigma-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆823 · May 30, 2026 · Updated 2 weeks ago
- Canary Detection ☆195 · Oct 20, 2025 · Updated 7 months ago
- BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse en… ☆509 · Updated this week
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ) ☆774 · Feb 3, 2023 · Updated 3 years ago
- Microsoft Graph API post-exploitation toolkit ☆95 · Jul 13, 2024 · Updated last year