PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
☆110Aug 26, 2024Updated last year
Alternatives and similar repositories for RetrievIR
Users that are interested in RetrievIR are comparing it to the libraries listed below
Sorting:
- Scripts to for ready-to-use Velociraptor instance deployment in Azure☆14Jun 27, 2023Updated 2 years ago
- Everything related to YARA☆16Feb 19, 2026Updated last month
- Threat Simulator for Enterprise Networks☆14May 14, 2022Updated 3 years ago
- 基于Go和YARA规则 对windows进程和文件进行检测☆18Sep 20, 2024Updated last year
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product☆80Sep 9, 2024Updated last year
- Sigma detection rules for hunting with the threathunting-keywords project☆58Mar 2, 2025Updated last year
- MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.☆193Feb 20, 2026Updated last month
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- VTC - Velociraptor Timeline Creator☆19May 15, 2024Updated last year
- This repo is about Active Directory Advanced Threat Hunting☆649Feb 17, 2025Updated last year
- A series of cloud focused KQL queries for threat hunting and DFIR☆11Oct 21, 2025Updated 4 months ago
- PowerShell Digital Forensics & Incident Response Scripts.☆778Jan 14, 2026Updated 2 months ago
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…☆279Dec 20, 2025Updated 3 months ago
- An experimental Velociraptor implementation using cloud infrastructure☆26Dec 2, 2025Updated 3 months ago
- MDE Quickstart is a battle-tested MDE policy set designed to be restored with Intune Backup & Restore☆65Dec 26, 2022Updated 3 years ago
- ☆49Mar 12, 2026Updated last week
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.☆38Mar 25, 2024Updated last year
- ☆25Jul 23, 2024Updated last year
- Sharing my KQL queries for Azure Sentinel☆208Feb 9, 2026Updated last month
- yara detection rules for hunting with the threathunting-keywords project☆157May 11, 2025Updated 10 months ago
- ☆23Mar 21, 2024Updated last year
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.☆198Nov 5, 2025Updated 4 months ago
- GenAI-STIX2.1-Generator is a tool that leverages Azure OpenAI capabilities to transform threat intelligence reports from unstructured web…☆24Mar 24, 2025Updated 11 months ago
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆324May 1, 2025Updated 10 months ago
- Abusing Azure services over C2☆367Jan 20, 2026Updated 2 months ago
- A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities☆320Mar 27, 2025Updated 11 months ago
- Hunting Queries for Defender ATP☆83Dec 14, 2025Updated 3 months ago
- ☆27Mar 6, 2025Updated last year
- Semantic strings based on tree-sitter☆17Feb 19, 2025Updated last year
- Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.☆486Nov 22, 2024Updated last year
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …☆454Feb 18, 2026Updated last month
- ☆215Dec 2, 2025Updated 3 months ago
- 🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.☆82Apr 20, 2025Updated 11 months ago
- A list of resources to build a information security team.☆14Feb 10, 2021Updated 5 years ago
- Velociraptor Server hosted in Azure App Service☆59Jun 4, 2025Updated 9 months ago
- ☆17Oct 24, 2025Updated 4 months ago
- Presentations from Conferences☆31Sep 14, 2024Updated last year
- Windows Forensics Salt States☆21Mar 11, 2026Updated last week
- PowerShell tools to help defenders hunt smarter, hunt harder.☆476Oct 29, 2025Updated 4 months ago