A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question ("Where did you come from, where did you go?") in security incidents and threat hunts.
☆181 · May 27, 2025 · Updated 9 months ago
Alternatives and similar repositories for Blauhaunt
Users that are interested in Blauhaunt are comparing it to the libraries listed below
- ShellSweeping the evil. ☆181 · Nov 25, 2024 · Updated last year
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆577 · Dec 6, 2025 · Updated 3 months ago
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them ☆34 · Jun 27, 2025 · Updated 8 months ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction ☆86 · Dec 17, 2025 · Updated 2 months ago
- A centralized and enhanced memory analysis platform ☆520 · Jul 13, 2025 · Updated 7 months ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… ☆258 · Nov 24, 2023 · Updated 2 years ago
- Documentation and scripts to properly enable Windows event logs. ☆673 · Oct 3, 2025 · Updated 5 months ago
- This repository is meant to catalog network and host artifacts associated with various EDR products' "shell" and response functionalities. ☆92 · Aug 30, 2024 · Updated last year
- DFIQ is a collection of investigative questions and the approaches for answering them ☆300 · Jan 17, 2025 · Updated last year
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de… ☆816 · Feb 17, 2025 · Updated last year
- Modular web-application honeypot platform built using Go and Gin ☆63 · May 8, 2024 · Updated last year
- Canary Detection ☆190 · Oct 20, 2025 · Updated 4 months ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection… ☆864 · Jan 20, 2022 · Updated 4 years ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆150 · May 3, 2024 · Updated last year
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It … ☆1,249 · Feb 25, 2026 · Updated last week
- This project provides a set of Google Apps Scripts designed to help you identify and analyze potentially malicious domains directly from … ☆14 · Sep 4, 2024 · Updated last year
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆641 · Aug 4, 2025 · Updated 7 months ago
- Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs. ☆3,051 · Feb 24, 2026 · Updated last week
- Live Feed of C2 servers, tools, and botnets ☆751 · Mar 2, 2026 · Updated last week
- MDE relies on some of the Audit settings being enabled ☆100 · Jul 15, 2022 · Updated 3 years ago
- Azure Activity Log Axe is a continually developing tool that simplifies the transactional log format provided by Microsoft. The tool leve… ☆35 · Sep 6, 2024 · Updated last year
- The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifa… ☆646 · Nov 7, 2025 · Updated 4 months ago
- Project based on RegRipper, to extract additional value/pivot points from TLN events file ☆89 · Feb 9, 2025 · Updated last year
- Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI ☆1,033 · Dec 31, 2025 · Updated 2 months ago
- BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse en… ☆488 · Mar 2, 2026 · Updated last week
- Microsoft Graph API post-exploitation toolkit ☆95 · Jul 13, 2024 · Updated last year
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur… ☆174 · Feb 22, 2026 · Updated 2 weeks ago
- Uses SharpHound, BloodHound and Neo4j to produce an actionable list of attack paths for targeted remediation. ☆484 · Jul 9, 2024 · Updated last year
- A Malware Scarecrow for Windows 10/11 with a user-friendly touch. ☆70 · Oct 30, 2024 · Updated last year
- Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress! ☆461 · Aug 13, 2024 · Updated last year
- MemProcFS-Analyzer: Automated Forensic Analysis of Windows Memory Dumps for DFIR ☆697 · Oct 22, 2025 · Updated 4 months ago
- A suite of tools to disrupt campaigns using the Sliver C2 framework. ☆282 · Aug 5, 2023 · Updated 2 years ago