cgosec / Blauhaunt
A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you come from, where did you go) in Security Incidents and Threat Hunts
☆180 · May 27, 2025 · Updated 8 months ago
Alternatives and similar repositories for Blauhaunt
Users that are interested in Blauhaunt are comparing it to the libraries listed below
- ☆11 · Jun 12, 2023 · Updated 2 years ago
- ShellSweeping the evil. ☆181 · Nov 25, 2024 · Updated last year
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆574 · Dec 6, 2025 · Updated 2 months ago
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them ☆34 · Jun 27, 2025 · Updated 7 months ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction ☆86 · Dec 17, 2025 · Updated last month
- A centralized and enhanced memory analysis platform ☆519 · Jul 13, 2025 · Updated 7 months ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… ☆258 · Nov 24, 2023 · Updated 2 years ago
- Documentation and scripts to properly enable Windows event logs. ☆672 · Oct 3, 2025 · Updated 4 months ago
- DFIQ is a collection of investigative questions and the approaches for answering them ☆301 · Jan 17, 2025 · Updated last year
- This repository is meant to catalog network and host artifacts associated with various EDR products' "shell" and response functionalities. ☆92 · Aug 30, 2024 · Updated last year
- ☆180 · Apr 24, 2025 · Updated 9 months ago
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de… ☆817 · Feb 17, 2025 · Updated 11 months ago
- ☆567 · Mar 28, 2024 · Updated last year
- Modular web-application honeypot platform built using go and gin ☆63 · May 8, 2024 · Updated last year
- Canary Detection ☆188 · Oct 20, 2025 · Updated 3 months ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection… ☆859 · Jan 20, 2022 · Updated 4 years ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆150 · May 3, 2024 · Updated last year
- ☆33 · Feb 26, 2022 · Updated 3 years ago
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It … ☆1,238 · Feb 5, 2026 · Updated last week
- This project provides a set of Google Apps Scripts designed to help you identify and analyze potentially malicious domains directly from … ☆14 · Sep 4, 2024 · Updated last year
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆633 · Aug 4, 2025 · Updated 6 months ago
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. ☆3,020 · Updated this week
- Live Feed of C2 servers, tools, and botnets ☆745 · Feb 9, 2026 · Updated last week
- MDE relies on some of the Audit settings to be enabled ☆100 · Jul 15, 2022 · Updated 3 years ago
- ☆251 · Jun 7, 2025 · Updated 8 months ago
- Azure Activity Log Axe is a continually developing tool that simplifies the transactional log format provided by Microsoft. The tool leve… ☆35 · Sep 6, 2024 · Updated last year
- The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifa… ☆645 · Nov 7, 2025 · Updated 3 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆89 · Feb 9, 2025 · Updated last year
- BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse en… ☆485 · Updated this week
- Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI ☆1,030 · Dec 31, 2025 · Updated last month
- Microsoft Graph API post-exploitation toolkit ☆95 · Jul 13, 2024 · Updated last year
- ☆92 · Jul 30, 2025 · Updated 6 months ago
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur… ☆172 · Feb 8, 2026 · Updated last week
- Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation. ☆483 · Jul 9, 2024 · Updated last year
- A Malware Scarecrow for Windows 10/11 with a user-friendly touch. ☆69 · Oct 30, 2024 · Updated last year
- Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress! ☆460 · Aug 13, 2024 · Updated last year
- ☆20 · Jan 10, 2025 · Updated last year
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR ☆694 · Oct 22, 2025 · Updated 3 months ago
- A suite of tools to disrupt campaigns using the Sliver C2 framework. ☆282 · Aug 5, 2023 · Updated 2 years ago