To parse ugly Microsoft DNS Logs....
☆41 · Jun 8, 2018 · Updated 7 years ago
Alternatives and similar repositories for DNSplice
Users that are interested in DNSplice are comparing it to the libraries listed below
- An IOC framework written in PowerShell ☆19 · Jan 3, 2017 · Updated 9 years ago
- Integrating Sysinternals Autoruns' logs into Security Onion ☆31 · Feb 20, 2024 · Updated 2 years ago
- Binary commandline executable to parse ETL files ☆69 · Jun 7, 2018 · Updated 7 years ago
- Use DNS to hunt for threats including DGAs ☆15 · Jan 4, 2016 · Updated 10 years ago
- ☆14 · Mar 9, 2023 · Updated 2 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database. ☆64 · Dec 21, 2022 · Updated 3 years ago
- A collection of hunting and blue team scripts. Mostly others, some my own. ☆38 · Jan 8, 2023 · Updated 3 years ago
- An Inofficial Sysmon Version History (Change Log) ☆33 · Oct 25, 2020 · Updated 5 years ago
- Sandbox feature upgrade with the help of wrapped samples ☆76 · Jun 23, 2018 · Updated 7 years ago
- Carve Windows Prefetch files from arbitrary binary data ☆16 · Jun 11, 2017 · Updated 8 years ago
- Random scripts posted for my blog at http://aka.ms/goateepfe ☆25 · Mar 30, 2017 · Updated 8 years ago
- ☆50 · Aug 30, 2020 · Updated 5 years ago
- Parse IE, FireFox, Chrome and Safari Cookies for Google Analytic values ☆23 · Sep 3, 2016 · Updated 9 years ago
- Simple service to check URL endpoints ☆20 · Jun 19, 2021 · Updated 4 years ago
- Windows Thingies... but in Rust ☆23 · Nov 12, 2022 · Updated 3 years ago
- ☆53 · May 21, 2018 · Updated 7 years ago
- Blueteam operational triage registry hunting/forensic tool. ☆149 · Sep 2, 2025 · Updated 6 months ago
- ☆309 · Aug 14, 2020 · Updated 5 years ago
- ☆28 · Aug 31, 2014 · Updated 11 years ago
- Win32 utility for auditing TCP connections ☆56 · Aug 25, 2020 · Updated 5 years ago
- Scripts for Bro IDS and ELK Stack ☆57 · Sep 2, 2015 · Updated 10 years ago
- Zeek Auxiliary Programs ☆27 · Updated this week
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection ☆32 · Oct 7, 2020 · Updated 5 years ago
- My Year of Python Repository ☆28 · Jun 13, 2020 · Updated 5 years ago
- Term concordances for each course in the SANS DFIR curriculum. Used for automated index generation. ☆69 · Aug 7, 2020 · Updated 5 years ago
- A Splunk Technology Add-on to forward filtered ETW events. ☆30 · Oct 14, 2020 · Updated 5 years ago
- ☆29 · Aug 9, 2016 · Updated 9 years ago
- Windows Live Artifacts Acquisition Script ☆190 · Jun 20, 2022 · Updated 3 years ago
- Distribution of the SANS SEC504 Windows Cheat Sheet Lab ☆78 · May 25, 2020 · Updated 5 years ago
- Personal settings for X-Ways Forensics ☆32 · Apr 28, 2022 · Updated 3 years ago
- Code from my old page ge.mine.nu ☆36 · Feb 2, 2024 · Updated 2 years ago
- ATT&CK Remote Threat Hunting Incident Response ☆206 · Dec 8, 2024 · Updated last year
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings ☆122 · Jul 12, 2021 · Updated 4 years ago
- A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet. ☆735 · Jun 5, 2025 · Updated 8 months ago
- CyLR - Live Response Collection Tool ☆711 · Jun 1, 2022 · Updated 3 years ago
- URLCrazy ☆31 · Apr 29, 2013 · Updated 12 years ago
- This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project. ☆35 · Jul 8, 2019 · Updated 6 years ago
- Start here! ☆11 · Feb 19, 2020 · Updated 6 years ago
- Tool used to perform threat intelligence against packet data ☆36 · Jan 26, 2025 · Updated last year