Jupyter notebooks for threat hunting
☆60Mar 26, 2025Updated 11 months ago
Alternatives and similar repositories for Threat-Hunting
Users that are interested in Threat-Hunting are comparing it to the libraries listed below
Sorting:
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Feb 6, 2025Updated last year
- ☆17Jan 21, 2026Updated last month
- Powershell sandboxing utility☆20Updated this week
- Registry Explorer bookmark definitions☆44Dec 19, 2024Updated last year
- Parsers for common structures across windows formats.☆12Aug 23, 2023Updated 2 years ago
- ☆154Dec 6, 2018Updated 7 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆97May 28, 2023Updated 2 years ago
- Windows registry samples☆24Nov 18, 2018Updated 7 years ago
- A PowerShell incident response script for quick triage☆81Jul 18, 2022Updated 3 years ago
- Full of public notes and Utilities☆131Jan 6, 2026Updated 2 months ago
- Parser for Sdba memory pool tags☆21Jul 16, 2021Updated 4 years ago
- Xavier Framework is a user interface wrapper built on top of the Volatility(c) memory forensics framework.☆46Jul 7, 2022Updated 3 years ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆45May 12, 2021Updated 4 years ago
- ☆58Mar 4, 2022Updated 4 years ago
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 6 months ago
- Collection of scripts used to analyse malware or emails☆20Oct 6, 2020Updated 5 years ago
- Synopsis is a tool to aid analysts reviewing browser history files by providing a high-level “synopsis” of key information.☆23Oct 31, 2018Updated 7 years ago
- ☆18Apr 16, 2015Updated 10 years ago
- ☆24Aug 30, 2019Updated 6 years ago
- Sigma rules to share with the community☆124Jan 29, 2025Updated last year
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆173Updated this week
- A Windows registry file parser written in Rust☆41Oct 30, 2025Updated 4 months ago
- USN to JSON☆22Apr 4, 2020Updated 5 years ago
- ☆24Mar 12, 2025Updated 11 months ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆341Dec 3, 2025Updated 3 months ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆43Jul 18, 2022Updated 3 years ago
- Extension blocks as found in ShellBags and other places in the Registry☆25Jan 7, 2025Updated last year
- lnk_parser is a full rust implementation to parse windows LNK files☆23Feb 17, 2026Updated 2 weeks ago
- Wrapper for TSK (Sleuth Kit) Bindings☆12Jan 10, 2023Updated 3 years ago
- Help deobfuscate VBScript☆18Jul 1, 2022Updated 3 years ago
- Queries for parsed spotlight database in sqlite☆13Dec 29, 2020Updated 5 years ago
- This repository provide a json file for all Windows security Event IDs with lot of useful informations (Categories, GPO, Volume, Recomman…☆11Mar 2, 2023Updated 3 years ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆53Oct 29, 2025Updated 4 months ago
- A dataset with CloudTrail events from an attack simulation using Stratus.☆25Jul 12, 2023Updated 2 years ago
- Malware analysis tool based on taint analysis.☆14Jan 29, 2022Updated 4 years ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser☆14Jan 9, 2023Updated 3 years ago
- A collection of cyberchef recipes for use in osint investigations☆14Jul 2, 2022Updated 3 years ago
- Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack☆180Jul 6, 2021Updated 4 years ago