sophos / solarwinds-threathunt
Threathunt details for the Solarwinds compromise
☆33 · Jun 26, 2021 · Updated 4 years ago
Alternatives and similar repositories for solarwinds-threathunt
Users that are interested in solarwinds-threathunt are comparing it to the libraries listed below
- Registry to JSON. This Project is for learning purposes and is not maintained. (☆12 · Dec 28, 2021 · Updated 4 years ago)
- Repository for LNK stuff (☆31 · Aug 31, 2022 · Updated 3 years ago)
- The method and files used to generate Sysmon event logs, push them to a remote Splunk, and ingest/normalize the data for analysis. (☆10 · Sep 28, 2020 · Updated 5 years ago)
- Transform EQL detection rules to VQL artifacts (☆12 · Nov 12, 2021 · Updated 4 years ago)
- Tools and dumps related to the Smishing Triad and the USPS smishing campaign from late 2023 into 2024 (☆11 · Apr 28, 2024 · Updated last year)
- onigiri - remote malware triage script (☆24 · Nov 5, 2015 · Updated 10 years ago)
- SysScout is a fully encapsulated script that quickly and easily pulls local machine information from Linux-based systems. A simple, easy… (☆13 · Oct 20, 2017 · Updated 8 years ago)
- Malice Office/OLE/RTF Plugin (☆13 · Aug 29, 2018 · Updated 7 years ago)
- (no description) (☆12 · Jun 3, 2022 · Updated 3 years ago)
- A lightweight C++/C AFF4 reader library (☆14 · Feb 5, 2026 · Updated last week)
- Cybersecurity Incidents Mind Maps (☆34 · Sep 29, 2021 · Updated 4 years ago)
- Triaging Windows event logs based on SANS Poster (☆46 · Nov 22, 2025 · Updated 2 months ago)
- Forensic cheatsheets for use with cheat (☆15 · Dec 2, 2021 · Updated 4 years ago)
- Parser for Sdba memory pool tags (☆21 · Jul 16, 2021 · Updated 4 years ago)
- Library of Python scripts to apply data science to several forensic artifacts (☆31 · Jul 16, 2020 · Updated 5 years ago)
- Fast multipattern regular expression searching for digital forensics (☆18 · Jul 31, 2019 · Updated 6 years ago)
- A Python script to shift the timestamp on syslog data. Useful for forensicators combating time skew. (☆21 · May 19, 2022 · Updated 3 years ago)
- CVE-2021-1675 LPE PoC in Nim (PrintNightmare Local Privilege Escalation) (☆18 · Dec 5, 2021 · Updated 4 years ago)
- Various tools and scripts (☆43 · Nov 30, 2022 · Updated 3 years ago)
- Silly proof-of-concept for a PDF chatroom (☆21 · May 3, 2023 · Updated 2 years ago)
- (no description) (☆22 · Dec 22, 2020 · Updated 5 years ago)
- Collection of useful, up-to-date Carbon Black Response queries (☆84 · Oct 23, 2020 · Updated 5 years ago)
- Geolocate IP addresses in IIS logs (☆20 · Jan 8, 2025 · Updated last year)
- Manage Your Large Team of Consultants (☆11 · Sep 18, 2025 · Updated 4 months ago)
- Quick ESXi Log Parser (☆29 · Oct 20, 2025 · Updated 3 months ago)
- Network detector for Winnti malware (☆21 · Mar 6, 2018 · Updated 7 years ago)
- A modified version based on Tracecorn (☆20 · Oct 29, 2019 · Updated 6 years ago)
- Discover USB device history for a specific user (☆23 · Dec 28, 2015 · Updated 10 years ago)
- MasterParser is a simple, all-in-one digital forensics artifact parser (☆24 · Jul 9, 2021 · Updated 4 years ago)
- Binary command-line executable to parse ETL files (☆69 · Jun 7, 2018 · Updated 7 years ago)
- A fork of The Sleuth Kit with Pooled Storage and APFS support. See https://www.youtube.com/watch?v=k1XPillJ7aw for more info and usage. (☆26 · Oct 27, 2019 · Updated 6 years ago)
- Fairy Law - Compromise or disable EDR security solutions (☆68 · Dec 1, 2025 · Updated 2 months ago)
- This repository contains zip archives of pcaps for our Wireshark tutorial about examining Emotet infection traffic. The password for any … (☆25 · Jan 11, 2021 · Updated 5 years ago)
- Indicators of Compromise (IOCs) accompanying HP Threat Research blog posts and reports. (☆29 · Apr 10, 2024 · Updated last year)
- Clean interface for the Windows event log (☆26 · Jun 8, 2024 · Updated last year)
- Development guide for Volatility plugins (☆22 · Sep 6, 2017 · Updated 8 years ago)
- Windows registry samples (☆24 · Nov 18, 2018 · Updated 7 years ago)
- (no description) (☆23 · May 7, 2021 · Updated 4 years ago)
- VM setup for malware RE labs (☆28 · Apr 26, 2019 · Updated 6 years ago)