High-level Threat Intelligence playbooks
☆20Mar 6, 2021Updated 5 years ago
Alternatives and similar repositories for Threat-Intelligence-Playbooks
Users that are interested in Threat-Intelligence-Playbooks are comparing it to the libraries listed below
Sorting:
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- ☆21May 8, 2022Updated 3 years ago
- ☆93Jul 30, 2025Updated 7 months ago
- Library of threat hunts to get any user started!☆50Sep 4, 2020Updated 5 years ago
- Queries for parsed spotlight database in sqlite☆13Dec 29, 2020Updated 5 years ago
- Here are some tools I developed to help analyze malware☆11Nov 8, 2023Updated 2 years ago
- Parsers for common structures across windows formats.☆12Aug 23, 2023Updated 2 years ago
- Slides and material from my conference presentations☆16Mar 30, 2024Updated last year
- ☆11Jun 12, 2023Updated 2 years ago
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.☆12Jun 23, 2025Updated 8 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆78Jan 9, 2024Updated 2 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- Tools for macOS Forensic Bootable media☆15May 20, 2020Updated 5 years ago
- NTFS file system specimens☆13Jul 3, 2023Updated 2 years ago
- Scripts and tools created for appx analysis talk (Magnet summit 2019)☆19Feb 26, 2024Updated 2 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- Threat Hunt Investigation Methodology and Procedure☆15Jul 11, 2022Updated 3 years ago
- BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review.☆32Jan 1, 2020Updated 6 years ago
- Black Friday deals (Cyber/OSINT/Infosec)☆29Dec 6, 2020Updated 5 years ago
- Set up a quick and dirty audit log on an SQLite db.☆16May 16, 2013Updated 12 years ago
- extract and parse WEVT_TEMPLATEs from PE files☆18Dec 30, 2023Updated 2 years ago
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV☆18Sep 3, 2024Updated last year
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- http://moaistory.blogspot.com/2016/08/ie10analyzer.html☆19Jul 20, 2024Updated last year
- Get intelligence info (tags, mitre techniques, yara and more) and find similar malware in a fast and easy way☆19Jun 6, 2022Updated 3 years ago
- Python script for parsing ESET (NOD32) virlog.dat file.☆14Sep 28, 2017Updated 8 years ago
- A small tool to easily mount APFS image on macOS for forensics.☆16Jul 30, 2020Updated 5 years ago
- Python bindings for https://github.com/omerbenamram/mft☆23Dec 23, 2025Updated 2 months ago
- pcaps for Wireshark tutorial about examining Dridex infection traffic☆17Oct 8, 2020Updated 5 years ago
- This code snippet retrieves Azure Sentinel rules that are mapped to MITRE ATT&CK Framework and generates the related MITRE D3FEND defense…☆74Jun 28, 2021Updated 4 years ago
- ☆20Jan 10, 2025Updated last year
- Python bindings for LZFSE☆18Jul 9, 2020Updated 5 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆42Sep 21, 2023Updated 2 years ago
- Scripts and tools accompanying HP Threat Research blog posts and reports.☆50Apr 10, 2024Updated last year
- A generic security incident response playbook investigating and responding to potential compromises of Okta's internal systems, in the co…☆20Mar 24, 2022Updated 3 years ago
- Leaked communication of Conti ransomware group from Jan 29, 2021 to Feb 27, 2022☆133Mar 2, 2022Updated 4 years ago
- ☆20May 10, 2023Updated 2 years ago
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.☆27Jul 27, 2022Updated 3 years ago