tclahr / uac
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
☆801 · Updated this week
Related projects
Alternatives and complementary repositories for uac
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa… ☆555 · Updated last week
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders ☆768 · Updated last year
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆681 · Updated this week
- CyLR - Live Response Collection Tool ☆646 · Updated 2 years ago
- Collection of Event ID resources useful for Digital Forensics and Incident Response ☆588 · Updated 5 months ago
- RegRipper3.0 ☆558 · Updated 3 weeks ago
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases. ☆529 · Updated 2 months ago
- A knowledge base of actionable Incident Response techniques ☆613 · Updated 2 years ago
- Digital Forensics Investigation Platform ☆769 · Updated last month
- This repository serves as a place for community created Targets and Modules for use with KAPE. ☆658 · Updated last week
- ☆505 · Updated last month
- Digital Forensics artifact repository ☆1,062 · Updated 3 months ago
- ReversingLabs YARA Rules ☆770 · Updated last month
- Sophos-originated indicators-of-compromise from published reports ☆546 · Updated 2 weeks ago
- Simple Bash IOC Scanner ☆697 · Updated 2 years ago
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆473 · Updated last week
- A repository of DFIR-related Mind Maps geared towards the visual learners! ☆514 · Updated 2 years ago
- Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts… ☆927 · Updated this week
- Documentation and scripts to properly enable Windows event logs. ☆557 · Updated last year
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). ☆643 · Updated last week
- Repository of YARA rules made by Trellix ATR Team ☆570 · Updated 11 months ago
- Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red… ☆849 · Updated 3 weeks ago
- Sysmon configuration file template with default high-quality event tracing ☆454 · Updated 9 months ago
- Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactics and techniques ☆310 · Updated 5 months ago
- Incident Response collection and processing scripts with automated reporting scripts ☆267 · Updated 4 months ago
- Detect Tactics, Techniques & Combat Threats ☆2,067 · Updated this week
- A set of Zeek scripts to detect ATT&CK techniques. ☆565 · Updated 4 months ago
- Purple Team Exercise Framework ☆626 · Updated 10 months ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection… ☆833 · Updated 2 years ago