Alternatives and similar repositories for DFIR-Toolkit:

Users that are interested in DFIR-Toolkit are comparing it to the libraries listed below

• MazX0p / ThreatHound
  ☆158Updated last year
• advanced-threat-research / NetLlix
  A project created with an aim to emulate and test exfiltration of data over different network protocols.
  ☆31Updated last year
• yarox24 / EvtxHussar
  Initial triage of Windows Event logs
  ☆95Updated 8 months ago
• QueenSquishy / plague
  Default Detections for EDR
  ☆97Updated last year
• malienist / lupo
  Lupo - Malware IOC Extractor. Debugging module for Malware Analysis Automation
  ☆104Updated 2 years ago
• stuxnet999 / volatility-binaries
  Contains compiled binaries of Volatility
  ☆33Updated last month
• LOLAD-Project / LOLAD-Project.github.io
  https://lolad-project.github.io/
  ☆71Updated last month
• Th1ru-M / Windows-Threat-Hunting
  Hunt for Keywords , Mutex, Windows Event,Registry Keys,Process,Schedule tasks in Windows Machine
  ☆22Updated 2 months ago
• svdwi / BlueBox
  BlueBox Malware analysis Box and Cyber threat intelligence.
  ☆40Updated 2 years ago
• mthcht / ThreatHunting-Keywords-yara-rules
  yara detection rules for hunting with the threathunting-keywords project
  ☆105Updated 2 weeks ago
• AhmedKamal1432 / Evilize
  Triaging Windows event logs based on SANS Poster
  ☆38Updated 2 years ago
• TH3xACE / EDR-Test
  Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].
  ☆147Updated last year
• S3N4T0R-0X0 / APT28-Adversary-Simulation
  This is a simulation of attack by Fancy Bear group (APT28) targeting high-ranking government officials Western Asia and Eastern Europe
  ☆32Updated 8 months ago
• TazWake / volatility-plugins
  Learning volatility plugins.
  ☆19Updated 4 years ago
• SevenStones / auditpolCIS
  CIS Benchmark testing of Windows SIEM configuration
  ☆44Updated last year
• keydet89 / RegRipper4.0
  RegRipper4.0
  ☆44Updated last year
• Panagiotis-INS / Cyber-Defenders
  This repo is all about Blue teamming and CyberDefenders Write-up for their DFIR challenges
  ☆17Updated last year
• BushidoUK / Abused-Legitimate-Services
  Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups
  ☆59Updated 2 years ago
• cybergoatpsyops / detections
  Placeholder for my detection repo and misc detection engineering content
  ☆42Updated last year
• swisscom / ArtifactCollectionMatrix
  Forensic Artifact Collection Tool Matrix
  ☆82Updated 3 months ago
• tothi / smbmap
  SMBMap is a handy SMB enumeration tool - here with Kerberos support
  ☆73Updated 3 years ago
• pr0xylife / Emotet
  IOC Collection 2022
  ☆57Updated last year
• JoelGMSec / AzureGraph
  Azure AD enumeration over MS Graph
  ☆80Updated 2 years ago
• jgasmussen / Linux-Baseline-and-Forensic-Triage-Tool
  Linux Baseline and Forensic Triage Tool - BETA
  ☆53Updated 2 years ago
• chaitanyakrishna / IOCScraper
  IOCPARSER.COM is a Fast and Reliable service that enables you to extract IOCs and intelligence from different data sources.
  ☆34Updated 3 years ago
• eric-conrad / c2-talk
  ☆36Updated 10 months ago
• RedTeamOperations / Detecting-Adversarial-Tradecrafts-Tools-by-leveraging-ETW
  CyberWarFare Labs hands-on workshop on the topic "Detecting Adversarial Tradecrafts/Tools by leveraging ETW"
  ☆46Updated 2 years ago
• Qazeer / FarsightAD
  PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …
  ☆93Updated last year
• fboldewin / YARA_Detection_Engineering
  Detection Engineering with YARA
  ☆87Updated last year
• embee-research / Yara-detection-rules
  Yara Rules for Modern Malware
  ☆73Updated 11 months ago