PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
☆113Aug 26, 2024Updated last year
Alternatives and similar repositories for RetrievIR
Users that are interested in RetrievIR are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Scripts to for ready-to-use Velociraptor instance deployment in Azure☆14Jun 27, 2023Updated 3 years ago
- Everything related to YARA☆16Apr 18, 2026Updated 2 months ago
- Threat Simulator for Enterprise Networks☆14May 14, 2022Updated 4 years ago
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product☆82Sep 9, 2024Updated last year
- MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.☆195Feb 20, 2026Updated 4 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated 2 years ago
- Sigma detection rules for hunting with the threathunting-keywords project☆60Mar 2, 2025Updated last year
- VTC - Velociraptor Timeline Creator☆19May 15, 2024Updated 2 years ago
- This repo is about Active Directory Advanced Threat Hunting☆649Feb 17, 2025Updated last year
- A series of cloud focused KQL queries for threat hunting and DFIR☆12Oct 21, 2025Updated 8 months ago
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…☆286Jun 23, 2026Updated last week
- PowerShell Digital Forensics & Incident Response Scripts.☆800May 26, 2026Updated last month
- An experimental Velociraptor implementation using cloud infrastructure☆26Jun 25, 2026Updated last week
- MDE Quickstart is a battle-tested MDE policy set designed to be restored with Intune Backup & Restore☆65Dec 26, 2022Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ☆52Jun 9, 2026Updated 3 weeks ago
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.☆39Mar 25, 2024Updated 2 years ago
- ☆26Jul 23, 2024Updated last year
- Sharing my KQL queries for Azure Sentinel☆223Jun 13, 2026Updated 3 weeks ago
- yara detection rules for hunting with the threathunting-keywords project☆164May 11, 2025Updated last year
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.☆200Nov 5, 2025Updated 7 months ago
- GenAI-STIX2.1-Generator is a tool that leverages Azure OpenAI capabilities to transform threat intelligence reports from unstructured web…☆24Mar 24, 2025Updated last year
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆331May 1, 2025Updated last year
- ☆24Mar 21, 2024Updated 2 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Abusing Azure services over C2☆376Jan 20, 2026Updated 5 months ago
- A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities☆325Mar 27, 2025Updated last year
- ☆27Mar 6, 2025Updated last year
- Semantic strings based on tree-sitter☆17Feb 19, 2025Updated last year
- Hunting Queries for Defender ATP☆83Apr 1, 2026Updated 3 months ago
- Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.☆492Nov 22, 2024Updated last year
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …☆470Feb 18, 2026Updated 4 months ago
- ☆219May 11, 2026Updated last month
- 🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.☆87Apr 20, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Velociraptor Server hosted in Azure App Service☆59Jun 4, 2025Updated last year
- ☆17Oct 24, 2025Updated 8 months ago
- Presentations from Conferences☆31Sep 14, 2024Updated last year
- Windows Forensics Salt States☆22Jun 23, 2026Updated last week
- This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple…☆856Updated this week
- ☆44Oct 11, 2023Updated 2 years ago
- PowerShell tools to help defenders hunt smarter, hunt harder.☆487Oct 29, 2025Updated 8 months ago