PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
☆113Aug 26, 2024Updated last year
Alternatives and similar repositories for RetrievIR
Users that are interested in RetrievIR are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Scripts to for ready-to-use Velociraptor instance deployment in Azure☆14Jun 27, 2023Updated 2 years ago
- Everything related to YARA☆16Apr 18, 2026Updated last week
- Threat Simulator for Enterprise Networks☆14May 14, 2022Updated 3 years ago
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product☆81Sep 9, 2024Updated last year
- MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.☆195Feb 20, 2026Updated 2 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- Sigma detection rules for hunting with the threathunting-keywords project☆60Mar 2, 2025Updated last year
- VTC - Velociraptor Timeline Creator☆19May 15, 2024Updated last year
- This repo is about Active Directory Advanced Threat Hunting☆650Feb 17, 2025Updated last year
- A series of cloud focused KQL queries for threat hunting and DFIR☆12Oct 21, 2025Updated 6 months ago
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…☆281Dec 20, 2025Updated 4 months ago
- PowerShell Digital Forensics & Incident Response Scripts.☆782Jan 14, 2026Updated 3 months ago
- An experimental Velociraptor implementation using cloud infrastructure☆26Dec 2, 2025Updated 4 months ago
- MDE Quickstart is a battle-tested MDE policy set designed to be restored with Intune Backup & Restore☆65Dec 26, 2022Updated 3 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- ☆50Mar 12, 2026Updated last month
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.☆38Mar 25, 2024Updated 2 years ago
- ☆25Jul 23, 2024Updated last year
- Sharing my KQL queries for Azure Sentinel☆209Apr 22, 2026Updated last week
- yara detection rules for hunting with the threathunting-keywords project☆160May 11, 2025Updated 11 months ago
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.☆199Nov 5, 2025Updated 5 months ago
- GenAI-STIX2.1-Generator is a tool that leverages Azure OpenAI capabilities to transform threat intelligence reports from unstructured web…☆24Mar 24, 2025Updated last year
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆327May 1, 2025Updated 11 months ago
- ☆23Mar 21, 2024Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Abusing Azure services over C2☆370Jan 20, 2026Updated 3 months ago
- A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities☆324Mar 27, 2025Updated last year
- Hunting Queries for Defender ATP☆83Apr 1, 2026Updated 3 weeks ago
- ☆27Mar 6, 2025Updated last year
- Semantic strings based on tree-sitter☆17Feb 19, 2025Updated last year
- Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.☆489Nov 22, 2024Updated last year
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …☆466Feb 18, 2026Updated 2 months ago
- ☆217Dec 2, 2025Updated 4 months ago
- 🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.☆84Apr 20, 2025Updated last year
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Velociraptor Server hosted in Azure App Service☆58Jun 4, 2025Updated 10 months ago
- ☆17Oct 24, 2025Updated 6 months ago
- Presentations from Conferences☆31Sep 14, 2024Updated last year
- Windows Forensics Salt States☆22Apr 20, 2026Updated last week
- ☆44Oct 11, 2023Updated 2 years ago
- Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable…☆17May 18, 2021Updated 4 years ago
- PowerShell tools to help defenders hunt smarter, hunt harder.☆479Oct 29, 2025Updated 6 months ago