PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
☆113Aug 26, 2024Updated last year
Alternatives and similar repositories for RetrievIR
Users that are interested in RetrievIR are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Scripts to for ready-to-use Velociraptor instance deployment in Azure☆14Jun 27, 2023Updated 2 years ago
- Everything related to YARA☆16Apr 18, 2026Updated last month
- Threat Simulator for Enterprise Networks☆14May 14, 2022Updated 4 years ago
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product☆82Sep 9, 2024Updated last year
- MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.☆195Feb 20, 2026Updated 3 months ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- Sigma detection rules for hunting with the threathunting-keywords project☆60Mar 2, 2025Updated last year
- VTC - Velociraptor Timeline Creator☆19May 15, 2024Updated 2 years ago
- A series of cloud focused KQL queries for threat hunting and DFIR☆12Oct 21, 2025Updated 6 months ago
- This repo is about Active Directory Advanced Threat Hunting☆648Feb 17, 2025Updated last year
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…☆282Dec 20, 2025Updated 5 months ago
- PowerShell Digital Forensics & Incident Response Scripts.☆785Jan 14, 2026Updated 4 months ago
- An experimental Velociraptor implementation using cloud infrastructure☆26Dec 2, 2025Updated 5 months ago
- MDE Quickstart is a battle-tested MDE policy set designed to be restored with Intune Backup & Restore☆65Dec 26, 2022Updated 3 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- ☆51May 5, 2026Updated 2 weeks ago
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.☆39Mar 25, 2024Updated 2 years ago
- ☆25Jul 23, 2024Updated last year
- Sharing my KQL queries for Azure Sentinel☆209Updated this week
- yara detection rules for hunting with the threathunting-keywords project☆162May 11, 2025Updated last year
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.☆200Nov 5, 2025Updated 6 months ago
- GenAI-STIX2.1-Generator is a tool that leverages Azure OpenAI capabilities to transform threat intelligence reports from unstructured web…☆24Mar 24, 2025Updated last year
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆329May 1, 2025Updated last year
- ☆24Mar 21, 2024Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Abusing Azure services over C2☆372Jan 20, 2026Updated 4 months ago
- A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities☆325Mar 27, 2025Updated last year
- Hunting Queries for Defender ATP☆83Apr 1, 2026Updated last month
- ☆27Mar 6, 2025Updated last year
- Semantic strings based on tree-sitter☆17Feb 19, 2025Updated last year
- Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.☆490Nov 22, 2024Updated last year
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …☆467Feb 18, 2026Updated 3 months ago
- ☆218May 11, 2026Updated last week
- 🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.☆85Apr 20, 2025Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Velociraptor Server hosted in Azure App Service☆58Jun 4, 2025Updated 11 months ago
- ☆17Oct 24, 2025Updated 6 months ago
- Presentations from Conferences☆31Sep 14, 2024Updated last year
- Windows Forensics Salt States☆22May 14, 2026Updated last week
- This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple…☆835Updated this week
- ☆43Oct 11, 2023Updated 2 years ago
- Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable…☆17May 18, 2021Updated 5 years ago