A curated collection of DFIR skills and workflows for InfoSec practitioners.
☆257, Feb 8, 2026, updated last month
Alternatives and similar repositories for awesome-dfir-skills
Users that are interested in awesome-dfir-skills are comparing it to the libraries listed below
- Visualize Microsoft Defender XDR process trees and security events (☆33, Aug 24, 2025, updated 6 months ago)
- Threat feeds designed to extract adversarial TTPs and IOCs, using: ✨AI✨ (☆70, updated this week)
- Documentation and scripts to properly enable Windows event logs. (☆673, Oct 3, 2025, updated 5 months ago)
- ☆58, Dec 10, 2025, updated 2 months ago
- Advanced Threat Hunting: Ransomware Group (☆29, Jul 9, 2025, updated 8 months ago)
- ☆54, updated this week
- MCP to help Defenders Detection Engineer Harder and Smarter (☆294, updated this week)
- Security Scripts and Sources for daily usage. (☆69, Jan 25, 2026, updated last month)
- FireEye iSIGHT Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform (☆16, Oct 12, 2018, updated 7 years ago)
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation. (☆53, Oct 23, 2024, updated last year)
- A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries. (☆33, Jul 23, 2024, updated last year)
- Hands-on MCP security lab: 10 real incidents reproduced with vulnerable/secure MCP servers, pytest regressions, and Claude/Cursor battle-… (☆84, Dec 3, 2025, updated 3 months ago)
- List with File Extensions used by Ransomware (☆37, updated this week)
- This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom … (☆1,051, updated this week)
- ☆18, Mar 26, 2024, updated last year
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … (☆303, updated this week)
- Playbooks for SOC Analysts (☆684, Dec 11, 2022, updated 3 years ago)
- Understanding the operation and limitations of Sysmon's events (☆23, Sep 15, 2022, updated 3 years ago)
- A tool for simplifying the process of researching IOCs. (☆25, Sep 24, 2021, updated 4 years ago)
- PowerShell tools to help defenders hunt smarter, hunt harder. (☆473, Oct 29, 2025, updated 4 months ago)
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as … (☆432, Feb 18, 2026, updated 2 weeks ago)
- ☆22, Nov 22, 2025, updated 3 months ago
- Tool to check the CloudTrail configuration and the services where trails are sent, to detect potential attacks on CloudTrail logging. (☆13, May 25, 2024, updated last year)
- The SAP Threat Modeling Tool is an on-premises open-source web application designed to analyze and visualize connections between SAP syst… (☆51, Mar 7, 2025, updated last year)
- A resource containing all the tools each ransomware gang uses (☆1,332, Dec 24, 2025, updated 2 months ago)
- A simple tool designed to create Atomic Red Team tests with ease. (☆50, Mar 11, 2025, updated 11 months ago)
- AI-powered cybersecurity attack flow visualization tool using MITRE ATT&CK (☆212, updated this week)
- Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques (☆96, Dec 28, 2025, updated 2 months ago)
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve… (☆278, Dec 20, 2025, updated 2 months ago)
- ☆70, Feb 15, 2026, updated 3 weeks ago
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt… (☆1,642, Feb 27, 2026, updated last week)
- This repo is about Active Directory Advanced Threat Hunting (☆648, Feb 17, 2025, updated last year)
- Files related to works published in Black Mass (☆10, Sep 16, 2023, updated 2 years ago)
- Hunt Smarter, Hunt Harder (☆140, Jan 12, 2026, updated last month)
- RedAudit is a next-generation Windows forensic and security assessment framework featuring a live cyber-operations GUI built for real inv… (☆35, Nov 15, 2025, updated 3 months ago)
- Netwitness Maltego integration Project (☆18, May 9, 2017, updated 8 years ago)
- ☆19, Jan 8, 2026, updated 2 months ago
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. (☆168, Dec 7, 2025, updated 3 months ago)
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. (☆3,051, Feb 24, 2026, updated last week)