A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis
☆28 · Aug 6, 2025 · Updated 6 months ago
Alternatives and similar repositories for for572-scripts
Users that are interested in for572-scripts are comparing it to the libraries listed below
- A Python script to shift the timestamp on syslog data. Useful for forensicators combating time skew. ☆21 · May 19, 2022 · Updated 3 years ago
- ☆21 · May 8, 2022 · Updated 3 years ago
- Incident response scripts ☆18 · Mar 4, 2019 · Updated 7 years ago
- Term concordances for each course in the SANS DFIR curriculum. Used for automated index generation. ☆69 · Aug 7, 2020 · Updated 5 years ago
- Queries for a parsed Spotlight database in SQLite ☆13 · Dec 29, 2020 · Updated 5 years ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom. ☆12 · Aug 26, 2024 · Updated last year
- Here are some tools I developed to help analyze malware ☆11 · Nov 8, 2023 · Updated 2 years ago
- Various commands, tools, and techniques that you can use to examine live Windows systems for signs of compromise or for threat hunting. Can al… ☆14 · Aug 15, 2022 · Updated 3 years ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser ☆14 · Jan 9, 2023 · Updated 3 years ago
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to VirusTotal, and produce a text file with the results. ☆15 · Jul 13, 2023 · Updated 2 years ago
- Hundred Days of YARA Challenge ☆12 · Jun 21, 2022 · Updated 3 years ago
- ☆11 · Jun 12, 2023 · Updated 2 years ago
- Scripts for looking up OUIs or vendor information from MAC addresses ☆11 · Dec 24, 2023 · Updated 2 years ago
- Scripts that I've written that others may find useful ☆14 · Aug 17, 2022 · Updated 3 years ago
- Strutsy - Mass exploitation of Apache Struts (CVE-2017-5638) vulnerability ☆10 · Sep 1, 2018 · Updated 7 years ago
- This repository is created to add value to existing Network Security Monitoring solutions. ☆17 · Sep 30, 2016 · Updated 9 years ago
- Dockerfiles for containerized osquery ☆14 · May 23, 2017 · Updated 8 years ago
- Network Forensics Workshop Files ☆17 · Apr 21, 2015 · Updated 10 years ago
- Malformed Access Log to CSV - Convert web server access logs to CSV ☆18 · Sep 3, 2024 · Updated last year
- Just Another broken Registry Parser (JARP) ☆16 · May 23, 2024 · Updated last year
- macOS Artifact Intelligence Tool ☆13 · Apr 30, 2019 · Updated 6 years ago
- ☆35 · Oct 20, 2024 · Updated last year
- ☆33 · Oct 25, 2021 · Updated 4 years ago
- Python script for parsing the ESET (NOD32) virlog.dat file. ☆14 · Sep 28, 2017 · Updated 8 years ago
- llama is lightgrep's amazing media analyzer ☆16 · Oct 28, 2025 · Updated 4 months ago
- A Windows registry file parser written in Rust ☆41 · Oct 30, 2025 · Updated 4 months ago
- Windows Event Log Auditor ☆91 · Updated this week
- Useful PowerShell tools for operating or testing Infocyte HUNT ☆19 · Jan 10, 2025 · Updated last year
- High-level Threat Intelligence playbooks ☆20 · Mar 6, 2021 · Updated 4 years ago
- ☆20 · Jan 10, 2025 · Updated last year
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses a custom rule format to detect sus… ☆42 · Sep 21, 2023 · Updated 2 years ago
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub ☆90 · Aug 12, 2025 · Updated 6 months ago
- Repo that holds write-ups of various research projects I did and/or overall InfoSec things I investigated/researched. ☆22 · Jan 5, 2025 · Updated last year
- This repository is created to add value to existing Network Security Monitoring solutions. ☆42 · Sep 20, 2016 · Updated 9 years ago
- Various tools and scripts ☆43 · Nov 30, 2022 · Updated 3 years ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images. ☆21 · Mar 12, 2019 · Updated 6 years ago
- macOS Incident Response Toolkit. Mostly written while stuck on a NJ Transit train. ☆20 · Feb 20, 2020 · Updated 6 years ago
- A tool for fetching DFIR and other GitHub tools. ☆25 · Aug 2, 2025 · Updated 7 months ago
- PowerShell scripts to work on CrowdStrike Falcon that pull back raw data relevant to forensic investigation ☆23 · Dec 18, 2024 · Updated last year