Follow the trail of breadcrumbs left behind by any user on a computer or mounted disk image.
☆32Aug 28, 2025Updated 6 months ago
Alternatives and similar repositories for TrailBytes
Users that are interested in TrailBytes are comparing it to the libraries listed below
- Script related in Active Directory Attacks Domain☆24Aug 19, 2023Updated 2 years ago
- Run Dockerized web browsers from other operating systems on Linux.☆14Mar 2, 2025Updated 11 months ago
- Browser Reviewer is a portable forensic tool for analyzing user activity in Firefox and Chrome-based browsers. It extracts and displays b…☆55Oct 10, 2025Updated 4 months ago
- Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.☆12Aug 6, 2019Updated 6 years ago
- Deep Packet Inspection • Traffic Forensics • Network Threat Detection☆35Feb 20, 2026Updated last week
- Helping Incident Responders hunt for potential persistence mechanisms on UNIX-based systems.☆17Oct 28, 2023Updated 2 years ago
- Assists analysts and threat hunters in understanding Windows authentication logs and analyzing brute-force scenarios.☆20Jul 1, 2023Updated 2 years ago
- A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight,…☆35Oct 24, 2025Updated 4 months ago
- It is a project produced to expose the main logic of OSINT-AI tools offered for sale on the DarkWeb☆37Apr 12, 2024Updated last year
- Generate Indexes from SANS PDFs☆18Jun 3, 2024Updated last year
- Velociraptor Server hosted in Azure App Service☆59Jun 4, 2025Updated 8 months ago
- Exfiltrate data over audio output from remote desktop sessions - Covert channel PoC☆64Dec 2, 2024Updated last year
- Notes only☆19May 2, 2022Updated 3 years ago
- ☆24Mar 12, 2025Updated 11 months ago
- Parses USB connection artifacts from offline Registry hives☆107Feb 8, 2026Updated 3 weeks ago
- MultiAV scanner with Python and JSON REST API using Malice Docker AV Containers and Docker-Machine based Autoscaling☆22Feb 11, 2021Updated 5 years ago
- PowerShell Script for Agentless Incident Response☆25Apr 5, 2018Updated 7 years ago
- A tool designed for penetration testers to perform attacks on LAN and WLAN networks, including network discovery, exploitation, and NAC b…☆44Jul 31, 2025Updated 7 months ago
- This repository contains the research and components of our research into using Sigma for AWS Incident Response.☆31Jul 12, 2023Updated 2 years ago
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's☆64Dec 18, 2024Updated last year
- A YARA & Malware Analysis Toolkit written in Rust.☆95Feb 15, 2026Updated 2 weeks ago
- ☆35Aug 23, 2022Updated 3 years ago
- PowerShell scripts for running Magnet RESPONSE forensic collection tool in large enterprises.☆30Jan 9, 2025Updated last year
- Writeups from CTFs I've done in the past☆24Nov 15, 2016Updated 9 years ago
- Links to various memory samples☆43Jul 25, 2025Updated 7 months ago
- Collect information of Windows PC when doing incident response☆252Jun 5, 2023Updated 2 years ago
- Community content for LogRhythm Axon. Includes Dashboards, searches, analytics rules, processing policies and more.☆10Jul 26, 2024Updated last year
- A comprehensive PowerShell-based threat hunting and incident response framework for Windows environments, built around Sysmon event analy…☆48Jul 17, 2025Updated 7 months ago
- Cheat sheets for threat hunting, detection and other stuff.☆34Oct 7, 2022Updated 3 years ago
- ☆29May 14, 2019Updated 6 years ago
- ☆36Apr 29, 2025Updated 10 months ago
- PowerShell tools to help defenders hunt smarter, hunt harder.☆473Oct 29, 2025Updated 4 months ago
- Collection of walkthroughs on various threat hunting techniques☆76Aug 3, 2020Updated 5 years ago
- BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review.☆32Jan 1, 2020Updated 6 years ago
- This tool parses Windows EVTX logs to extract login and logout sessions from a security.evtx file. It uses a Tkinter GUI to let you selec…☆31Feb 22, 2025Updated last year
- ☆10Sep 24, 2021Updated 4 years ago
- Azure Deployment Templates for Mandiant Managed Hunting☆12Jun 1, 2023Updated 2 years ago
- Listener that spawns a new tmux window for each incoming reverse shell + Supports listening on many ports☆59Jul 13, 2025Updated 7 months ago
- A Guide to Hackintoshing Dell XPS 13 9370☆10Oct 4, 2024Updated last year