target / Threat-HuntingView external linksLinks
Jupyter notebooks for threat hunting
☆60Mar 26, 2025Updated 10 months ago
Alternatives and similar repositories for Threat-Hunting
Users that are interested in Threat-Hunting are comparing it to the libraries listed below
Sorting:
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Feb 6, 2025Updated last year
- ☆17Jan 21, 2026Updated 3 weeks ago
- Powershell sandboxing utility☆19Feb 2, 2026Updated last week
- Registry Explorer bookmark definitions☆44Dec 19, 2024Updated last year
- Parsers for common structures across windows formats.☆12Aug 23, 2023Updated 2 years ago
- ☆154Dec 6, 2018Updated 7 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆97May 28, 2023Updated 2 years ago
- Windows registry samples☆24Nov 18, 2018Updated 7 years ago
- Full of public notes and Utilities☆130Jan 6, 2026Updated last month
- A PowerShell incident response script for quick triage☆81Jul 18, 2022Updated 3 years ago
- Parser for Sdba memory pool tags☆21Jul 16, 2021Updated 4 years ago
- Xavier Framework is a user interface wrapper built on top of the Volatility(c) memory forensics framework.☆46Jul 7, 2022Updated 3 years ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆45May 12, 2021Updated 4 years ago
- ☆58Mar 4, 2022Updated 3 years ago
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 5 months ago
- Synopsis is a tool to aid analysts reviewing browser history files by providing a high-level “synopsis” of key information.☆22Oct 31, 2018Updated 7 years ago
- Collection of scripts used to analyse malware or emails☆20Oct 6, 2020Updated 5 years ago
- ☆18Apr 16, 2015Updated 10 years ago
- ☆24Aug 30, 2019Updated 6 years ago
- Sigma rules to share with the community☆124Jan 29, 2025Updated last year
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆173Jan 30, 2026Updated 2 weeks ago
- A Windows registry file parser written in Rust☆41Oct 30, 2025Updated 3 months ago
- ☆24Mar 12, 2025Updated 11 months ago
- USN to JSON☆22Apr 4, 2020Updated 5 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆342Dec 3, 2025Updated 2 months ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆43Jul 18, 2022Updated 3 years ago
- lnk_parser is a full rust implementation to parse windows LNK files☆22Jul 12, 2025Updated 7 months ago
- Extension blocks as found in ShellBags and other places in the Registry☆25Jan 7, 2025Updated last year
- Help deobfuscate VBScript☆18Jul 1, 2022Updated 3 years ago
- Wrapper for TSK (Sleuth Kit) Bindings☆12Jan 10, 2023Updated 3 years ago
- Queries for parsed spotlight database in sqlite☆13Dec 29, 2020Updated 5 years ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆54Oct 29, 2025Updated 3 months ago
- This repository provide a json file for all Windows security Event IDs with lot of useful informations (Categories, GPO, Volume, Recomman…☆11Mar 2, 2023Updated 2 years ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆77May 21, 2024Updated last year
- A dataset with CloudTrail events from an attack simulation using Stratus.☆24Jul 12, 2023Updated 2 years ago
- Malware analysis tool based on taint analysis.☆14Jan 29, 2022Updated 4 years ago
- Work in Progress repo☆15Apr 18, 2019Updated 6 years ago
- A collection of cyberchef recipes for use in osint investigations☆14Jul 2, 2022Updated 3 years ago