elastic / sans-dfir-2022
Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"
☆11 · Feb 6, 2025 · Updated last year
Alternatives and similar repositories for sans-dfir-2022
Users that are interested in sans-dfir-2022 are comparing it to the libraries listed below
- ☆17 · Jan 21, 2026 · Updated 3 weeks ago
- Jupyter notebooks for threat hunting ☆60 · Mar 26, 2025 · Updated 10 months ago
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to VirusTotal, and produce a text file with the results. ☆15 · Jul 13, 2023 · Updated 2 years ago
- PowerShell sandboxing utility ☆19 · Feb 2, 2026 · Updated last week
- ☆24 · Aug 30, 2019 · Updated 6 years ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom. ☆12 · Aug 26, 2024 · Updated last year
- Wrapper for TSK (Sleuth Kit) bindings ☆12 · Jan 10, 2023 · Updated 3 years ago
- Parsers for common structures across Windows formats. ☆12 · Aug 23, 2023 · Updated 2 years ago
- Mimikatz embedded as classes ☆28 · Oct 25, 2021 · Updated 4 years ago
- A utility to force DNS queries over DoH via the Cloudflare API when a DNS block is in place ☆10 · Aug 26, 2018 · Updated 7 years ago
- Help deobfuscate VBScript ☆18 · Jul 1, 2022 · Updated 3 years ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser ☆14 · Jan 9, 2023 · Updated 3 years ago
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l… ☆173 · Jan 30, 2026 · Updated 2 weeks ago
- ☆30 · Jul 17, 2018 · Updated 7 years ago
- NTFS file system specimens ☆13 · Jul 3, 2023 · Updated 2 years ago
- Cyber competition scoring engine ☆17 · Jun 15, 2016 · Updated 9 years ago
- Registry to JSON. This project is for learning purposes and is not maintained. ☆12 · Dec 28, 2021 · Updated 4 years ago
- ReviveIT (revit) is a proof-of-concept file recovery tool (carver) ☆12 · Dec 3, 2020 · Updated 5 years ago
- Indicators of Normality ☆11 · Jul 22, 2022 · Updated 3 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. ☆36 · Jul 11, 2023 · Updated 2 years ago
- A Golang Registry parser ☆19 · Feb 3, 2025 · Updated last year
- LNK to JSON ☆14 · Mar 7, 2019 · Updated 6 years ago
- A threat sighting collects the behavior of a real threat and the observables used during its engagement. ☆12 · Mar 29, 2022 · Updated 3 years ago
- Sabonis, a Digital Forensics and Incident Response pivoting tool ☆18 · Mar 3, 2022 · Updated 3 years ago
- Resource links (video, slides & code) for my conference talks | presentations | workshops ☆21 · Nov 17, 2025 · Updated 2 months ago
- Get intelligence info (tags, MITRE techniques, YARA and more) and find similar malware in a fast and easy way ☆19 · Jun 6, 2022 · Updated 3 years ago
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin… ☆17 · Mar 10, 2023 · Updated 2 years ago
- llama is lightgrep's amazing media analyzer ☆16 · Oct 28, 2025 · Updated 3 months ago
- Registry timestamp manipulation ☆17 · Feb 26, 2014 · Updated 11 years ago
- Serving files with conditions, server-side keying and more. ☆18 · May 26, 2022 · Updated 3 years ago
- PowerShell memory pulling script ☆19 · Mar 24, 2015 · Updated 10 years ago
- A Golang implementation of a prefetch parser. ☆20 · Oct 27, 2025 · Updated 3 months ago
- Python bindings for https://github.com/omerbenamram/mft ☆23 · Dec 23, 2025 · Updated last month
- A Windows registry file parser written in Rust ☆41 · Oct 30, 2025 · Updated 3 months ago
- ☆153 · Dec 6, 2018 · Updated 7 years ago
- Repository for different Windows DFIR related CMDs, PowerShell cmdlets, etc., plus workshops that I did for different conferences or event… ☆77 · Jul 13, 2021 · Updated 4 years ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve… ☆54 · Oct 29, 2025 · Updated 3 months ago
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub ☆89 · Aug 12, 2025 · Updated 6 months ago
- ☆23 · Oct 9, 2024 · Updated last year