Winterfell is a group of windows batch scripts to collect Windows forensics data and perform efficient, and fast incident response and threat hunting activities.
☆52Jul 23, 2020Updated 5 years ago
Alternatives and similar repositories for winterfell-collection
Users that are interested in winterfell-collection are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Winterfell hunt is a python script to perform auto threat hunting for malicious activities in windows OS based on collected data by winte…☆15Jul 23, 2020Updated 5 years ago
- Lokix Platform is a free open-source solution to help blue teams and threat hunters use Loki Scanner to sweep enterprise networks☆25Aug 8, 2020Updated 5 years ago
- ☆21Apr 19, 2024Updated 2 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆52Nov 27, 2020Updated 5 years ago
- Vuls Beater for Elasticsearch - connecting vuls☆17Dec 15, 2020Updated 5 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Osquery Packs we use for customer security hardening☆12Jun 30, 2025Updated last year
- ☆24Nov 3, 2019Updated 6 years ago
- Active Response plugin. Osquery to execute wazuh/ossec active response plugins. You can write your own plugins, easy to plug☆12Jun 20, 2020Updated 6 years ago
- Automated Real-Time Threat Hunting with ATD, Active Response and Elasticsearch/Kibana☆10Aug 17, 2018Updated 7 years ago
- Digital Forensics Investigation Platform☆894Oct 12, 2024Updated last year
- ☆11Mar 9, 2018Updated 8 years ago
- Scan outlook inbox with yara rules,APIs and IOCs☆14Aug 3, 2018Updated 7 years ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆24Jul 9, 2021Updated 4 years ago
- A collection of threat intelligence data such as IOC, Yara and Snort/Suricata Rules etc.☆10Sep 17, 2019Updated 6 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Resolvn Threat Hunting Virtual Machine☆138Aug 16, 2019Updated 6 years ago
- Attempt to replicate the functions of auto_rip by Corey Harrell in Python.☆12Aug 4, 2024Updated last year
- A parser/timeline creator for auditd logs.☆16Aug 5, 2014Updated 11 years ago
- Parsing MITRE EDR Evaluation results☆12Dec 5, 2018Updated 7 years ago
- Security even with a small budget - there is no excuse!☆20May 24, 2023Updated 3 years ago
- Invoke-LiveResponse☆152Feb 22, 2022Updated 4 years ago
- ☆93Jul 30, 2025Updated 11 months ago
- Digital forensic acquisition tool for Windows based incident response.☆348May 7, 2024Updated 2 years ago
- macos-collector - Automated Collection of macOS Forensic Artifacts for DFIR☆44Apr 13, 2026Updated 2 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆43Sep 21, 2023Updated 2 years ago
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆48Jan 2, 2022Updated 4 years ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 7 years ago
- Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.☆21Jul 1, 2023Updated 3 years ago
- This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole …☆214Oct 19, 2020Updated 5 years ago
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated 2 years ago
- Automated memory forensics analysis☆32Aug 20, 2019Updated 6 years ago
- CLI Search for Security Operators of MITRE ATT&CK URLs☆17Jan 5, 2023Updated 3 years ago
- i summarize found scripts here☆15Jan 10, 2022Updated 4 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Rip Raw is a small tool to analyse the memory of compromised Linux systems.☆132Jan 31, 2022Updated 4 years ago
- Load MISP events into memcached for log enrichment using logstash☆12Jul 10, 2020Updated 5 years ago
- Joystick is a tool that gives you the ability to transform the ATT&CK Evaluations data into concise views that brings forward the nuances…☆66Sep 13, 2023Updated 2 years ago
- Scripts for comparing Microsoft Windows compliance with the ASD 1709 & Office 2016 Hardening Guides☆159Dec 20, 2019Updated 6 years ago
- LogRM is a post exploitation powershell script which it uses windows event logs to gather information about internal network☆74Jul 9, 2019Updated 6 years ago
- Malware Sinkhole List in various formats☆106May 25, 2026Updated last month
- A server and client implementation to demonstrate and test ALG abuse and perform the NAT slipstream attack described https://www.samy.pl/…☆43Dec 8, 2020Updated 5 years ago