davidpany / WMI_ForensicsLinks
☆303Updated 5 years ago
Alternatives and similar repositories for WMI_Forensics
Users that are interested in WMI_Forensics are comparing it to the libraries listed below
Sorting:
- "Evolving AppCompat/AmCache data analysis beyond grep"☆205Updated 3 years ago
- ☆278Updated 2 years ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆196Updated 5 months ago
- Scripts to facilitate filtering with Plaso☆126Updated 5 years ago
- ATT&CK Remote Threat Hunting Incident Response☆203Updated 8 months ago
- Dump of organized knowledge on DFIR☆135Updated 3 years ago
- Powershell Threat Hunting Module☆285Updated 8 years ago
- ☆427Updated 2 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch.☆118Updated 4 years ago
- A repo containing tools developed by Carbon Black's Threat Research Team: Threat Analysis Unit☆236Updated 4 years ago
- Tool Analysis Result Sheet☆356Updated 7 years ago
- A modern Python-3-based alternative to RegRipper☆196Updated 4 months ago
- A VBA parser and emulation engine to analyze malicious macros.☆96Updated last week
- ☆165Updated 4 years ago
- Parser for Windows PowerShell script block logs☆99Updated last year
- ☆116Updated last year
- Misc Threat Hunting Resources☆374Updated 2 years ago
- ☆175Updated last year
- Invoke-LiveResponse☆149Updated 3 years ago
- c2 traffic☆189Updated 2 years ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆425Updated 4 years ago
- Tools from WFA 4/e, timeline tools, etc.☆141Updated last year
- ☆351Updated 4 years ago
- Collection of useful, up to date, Carbon Black Response Queries☆84Updated 4 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆166Updated 6 years ago
- Regipy is an os independent python library for parsing offline registry hives☆258Updated 2 months ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆119Updated last year
- Investigate suspicious activity by visualizing Sysmon's event log☆422Updated last year
- Collecting & Hunting for IOCs with gusto and style☆241Updated 4 years ago
- Data from a BRAWL Automated Adversary Emulation Exercise☆210Updated 4 years ago