tsale / awesome-dfir-skills
A curated collection of DFIR skills and workflows for InfoSec practitioners.
☆244 · Feb 8, 2026 · Updated last week
Alternatives and similar repositories for awesome-dfir-skills
Users interested in awesome-dfir-skills are comparing it to the repositories listed below.
- Visualize Microsoft Defender XDR process trees and security events ☆33 · Aug 24, 2025 · Updated 5 months ago
- MCP to help defenders detection-engineer harder and smarter ☆242 · Feb 9, 2026 · Updated last week
- Documentation and scripts to properly enable Windows event logs. ☆672 · Oct 3, 2025 · Updated 4 months ago
- ☆59 · Dec 10, 2025 · Updated 2 months ago
- Advanced Threat Hunting: Ransomware Group ☆29 · Jul 9, 2025 · Updated 7 months ago
- ☆54 · Feb 2, 2026 · Updated 2 weeks ago
- Security scripts and sources for daily use. ☆73 · Jan 25, 2026 · Updated 3 weeks ago
- FireEye iSIGHT alert feeder for TheHive, an open-source and free security incident response platform ☆16 · Oct 12, 2018 · Updated 7 years ago
- Repository documenting how threat intelligence and/or a threat intelligence platform can prove its value to an organisation. ☆53 · Oct 23, 2024 · Updated last year
- Threat feeds designed to extract adversarial TTPs and IOCs using ✨AI✨ ☆64 · Feb 9, 2026 · Updated last week
- A repository of curated lists with elements such as IoCs to use for threat hunting and detection queries. ☆33 · Jul 23, 2024 · Updated last year
- Hands-on MCP security lab: 10 real incidents reproduced with vulnerable/secure MCP servers, pytest regressions, and Claude/Cursor battle-… ☆83 · Dec 3, 2025 · Updated 2 months ago
- List of file extensions used by ransomware ☆37 · Updated this week
- This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom … ☆1,036 · Jan 11, 2026 · Updated last month
- ☆18 · Mar 26, 2024 · Updated last year
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … ☆301 · Updated this week
- Build AI-powered security tools. 50+ hands-on labs covering ML, LLMs, RAG, threat detection, DFIR, and red teaming. Includes Colab notebo… ☆94 · Updated this week
- Playbooks for SOC analysts ☆674 · Dec 11, 2022 · Updated 3 years ago
- Understanding the operation and limitations of Sysmon's events ☆23 · Sep 15, 2022 · Updated 3 years ago
- PowerShell tools to help defenders hunt smarter, hunt harder. ☆457 · Oct 29, 2025 · Updated 3 months ago
- A tool for simplifying the process of researching IOCs. ☆25 · Sep 24, 2021 · Updated 4 years ago
- Tool to check the CloudTrail configuration and the services where trails are sent, to detect potential attacks on CloudTrail logging. ☆13 · May 25, 2024 · Updated last year
- ☆22 · Nov 22, 2025 · Updated 2 months ago
- Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques ☆94 · Dec 28, 2025 · Updated last month
- A simple tool designed to create Atomic Red Team tests with ease. ☆49 · Mar 11, 2025 · Updated 11 months ago
- The SAP Threat Modeling Tool is an on-premises open-source web application designed to analyze and visualize connections between SAP syst… ☆51 · Mar 7, 2025 · Updated 11 months ago
- AI-powered cybersecurity attack flow visualization tool using MITRE ATT&CK ☆197 · Nov 25, 2025 · Updated 2 months ago
- A resource containing all the tools each ransomware gang uses ☆1,327 · Dec 24, 2025 · Updated last month
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as … ☆421 · Aug 10, 2025 · Updated 6 months ago
- Hunt Smarter, Hunt Harder ☆135 · Jan 12, 2026 · Updated last month
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve… ☆277 · Dec 20, 2025 · Updated last month
- KQL queries. Defender for Endpoint and Azure Sentinel hunting and detection queries in KQL. Out-of-the-box KQL queries for: Advanced Hunt… ☆1,634 · Updated this week
- ☆68 · Nov 25, 2025 · Updated 2 months ago
- Passive JavaScript reconnaissance for penetration testers: bridging Burp Suite traffic into structured, AST-based analysis in VSCode. ☆35 · Feb 5, 2026 · Updated last week
- NetWitness Maltego integration project ☆18 · May 9, 2017 · Updated 8 years ago
- Files related to works published in Black Mass ☆10 · Sep 16, 2023 · Updated 2 years ago
- RedAudit is a next-generation Windows forensic and security assessment framework featuring a live cyber-operations GUI built for real inv… ☆35 · Nov 15, 2025 · Updated 3 months ago
- This repo is about Active Directory advanced threat hunting ☆649 · Feb 17, 2025 · Updated last year
- Suzaku (朱雀) is a Sigma-based threat hunting and fast-forensics timeline generator for cloud logs. ☆167 · Dec 7, 2025 · Updated 2 months ago