joeavanzato / RetrievIR
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
☆109, Aug 26, 2024, Updated last year
Alternatives and similar repositories for RetrievIR
Users that are interested in RetrievIR are comparing it to the libraries listed below
- Scripts for ready-to-use Velociraptor instance deployment in Azure (☆14, Jun 27, 2023, Updated 2 years ago)
- Just Another broken Registry Parser (JARP) (☆16, May 23, 2024, Updated last year)
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product (☆79, Sep 9, 2024, Updated last year)
- ☆25, Jul 23, 2024, Updated last year
- An experimental Velociraptor implementation using cloud infrastructure (☆26, Dec 2, 2025, Updated 2 months ago)
- PowerShell Digital Forensics & Incident Response Scripts. (☆766, Jan 14, 2026, Updated last month)
- This repo is about Active Directory Advanced Threat Hunting (☆649, Feb 17, 2025, Updated 11 months ago)
- Semantic strings based on tree-sitter (☆17, Feb 19, 2025, Updated 11 months ago)
- Everything related to YARA (☆16, Sep 9, 2025, Updated 5 months ago)
- Sharing my KQL queries for Azure Sentinel (☆206, Updated this week)
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS. (☆40, Mar 25, 2024, Updated last year)
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve… (☆277, Dec 20, 2025, Updated last month)
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up. (☆197, Nov 5, 2025, Updated 3 months ago)
- Threat Simulator for Enterprise Networks (☆14, May 14, 2022, Updated 3 years ago)
- A C# (.NET 6) tool to compare the file signature of files recursively and inform the user of matches and mismatches (☆16, Nov 29, 2024, Updated last year)
- Documentation and scripts to properly enable Windows event logs. (☆671, Oct 3, 2025, Updated 4 months ago)
- StickyParser - Sticky Notes Forensic. A Windows Sticky Notes Parser (snt and plum.sqlite supported). Additional Feature: SQLite Recovery … (☆18, Jul 18, 2023, Updated 2 years ago)
- ☆31, Aug 13, 2025, Updated 6 months ago
- A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight,… (☆31, Oct 24, 2025, Updated 3 months ago)
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as … (☆421, Aug 10, 2025, Updated 6 months ago)
- ☆214, Dec 2, 2025, Updated 2 months ago
- MDE Tester is designed to help test various features in Microsoft Defender for Endpoint. (☆194, Mar 4, 2024, Updated last year)
- ☆49, Updated this week
- ☆126, Sep 1, 2024, Updated last year
- Windows Forensics Salt States (☆20, Feb 7, 2026, Updated last week)
- VTC - Velociraptor Timeline Creator (☆19, May 15, 2024, Updated last year)
- NailaoLoader: Hiding Execution Flow via Patching (☆22, Feb 27, 2025, Updated 11 months ago)
- Make a Linux kernel rootkit visible again. (☆59, Feb 27, 2025, Updated 11 months ago)
- Velociraptor Server hosted in Azure App Service (☆59, Jun 4, 2025, Updated 8 months ago)
- Parser for macOS/iOS FSEvents Logs (☆43, May 6, 2024, Updated last year)
- MDE Quickstart is a battle-tested MDE policy set designed to be restored with Intune Backup & Restore (☆65, Dec 26, 2022, Updated 3 years ago)