A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (where did you come from, where did you go) in security incidents and threat hunts.
☆182 · May 27, 2025 · Updated 10 months ago
Alternatives and similar repositories for Blauhaunt
Users that are interested in Blauhaunt are comparing it to the libraries listed below.
- ShellSweeping the evil. (☆181, Nov 25, 2024, updated last year)
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID (☆583, Dec 6, 2025, updated 3 months ago)
- A centralized and enhanced memory analysis platform (☆523, Mar 20, 2026, updated last week)
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… (☆258, Nov 24, 2023, updated 2 years ago)
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction (☆88, Mar 11, 2026, updated 2 weeks ago)
- DFIQ is a collection of investigative questions and the approaches for answering them (☆303, Mar 10, 2026, updated 2 weeks ago)
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them (☆34, Jun 27, 2025, updated 9 months ago)
- Documentation and scripts to properly enable Windows event logs. (☆674, Oct 3, 2025, updated 5 months ago)
- This repository is meant to catalog network and host artifacts associated with various EDR products' "shell" and response functionalities. (☆92, Aug 30, 2024, updated last year)
- MDE relies on some of the Audit settings to be enabled (☆100, Jul 15, 2022, updated 3 years ago)
- Modular web-application honeypot platform built using Go and Gin (☆63, May 8, 2024, updated last year)
- Live feed of C2 servers, tools, and botnets (☆760, updated this week)
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection… (☆864, Jan 20, 2022, updated 4 years ago)
- Project based on RegRipper, to extract additional value/pivot points from TLN events file (☆89, Feb 9, 2025, updated last year)
- A repository to share publicly available Velociraptor detection content (☆198, updated this week)
- Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs. (☆3,088, Mar 21, 2026, updated last week)
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de… (☆819, Mar 6, 2026, updated 3 weeks ago)
- Awesome list of keywords and artifacts for Threat Hunting sessions (☆648, Aug 4, 2025, updated 7 months ago)
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It … (☆1,277, updated this week)
- PoC for using MS Windows printers for persistence / command and control via Internet Printing (☆150, May 3, 2024, updated last year)
- Secutils.dev is an open-source, versatile, yet simple security toolbox for engineers and researchers (☆97, updated this week)
- The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifa… (☆648, Nov 7, 2025, updated 4 months ago)
- A preconfigured Velociraptor triage collector (☆76, Mar 2, 2026, updated 3 weeks ago)
- Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI (☆1,231, Dec 31, 2025, updated 2 months ago)
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur… (☆174, Mar 11, 2026, updated 2 weeks ago)
- A standalone Sigma-based detection tool for EVTX, Auditd and Sysmon for Linux logs (☆794, Mar 22, 2026, updated last week)
- Canary Detection (☆194, Oct 20, 2025, updated 5 months ago)
- BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse en… (☆506, Mar 4, 2026, updated 3 weeks ago)
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ) (☆779, Feb 3, 2023, updated 3 years ago)