Alternatives and similar repositories for winterfell-collection

Users that are interested in winterfell-collection are comparing it to the libraries listed below

• alph4w0lf / LokiX

  View on GitHub
  Lokix Platform is a free open-source solution to help blue teams and threat hunters use Loki Scanner to sweep enterprise networks
  ☆25Aug 8, 2020Updated 5 years ago
• RustyNoob-619 / 100-Days-of-YARA-2024

  View on GitHub
  ☆21Apr 19, 2024Updated last year
• swisscom / detections

  View on GitHub
  Threat intelligence and threat detection indicators (IOC, IOA)
  ☆52Nov 27, 2020Updated 5 years ago
• RESOLVN / RTHVM

  View on GitHub
  Resolvn Threat Hunting Virtual Machine
  ☆139Aug 16, 2019Updated 6 years ago
• kk0m4k / docker-forensics

  View on GitHub
  ☆24Nov 3, 2019Updated 6 years ago
• naemazam / logForenix

  View on GitHub
  log Forenix 🕵️- Your Linux Forensic Artifacts Collector Tool! 🚀
  ☆30Jun 18, 2024Updated last year
• CyberSift / OSQUERY-PACKS

  View on GitHub
  Osquery Packs we use for customer security hardening
  ☆12Jun 30, 2025Updated 7 months ago
• proferosec / Threat-Intelligence

  View on GitHub
  A collection of threat intelligence data such as IOC, Yara and Snort/Suricata Rules etc.
  ☆10Sep 17, 2019Updated 6 years ago
• mohlcyber / OpenDXL-ATD-MAR-Elasticsearch

  View on GitHub
  Automated Real-Time Threat Hunting with ATD, Active Response and Elasticsearch/Kibana
  ☆10Aug 17, 2018Updated 7 years ago
• Intrinsec / mplog_parser

  View on GitHub
  This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.
  ☆21Sep 30, 2022Updated 3 years ago
• auditNG / auditNG

  View on GitHub
  ☆11Mar 9, 2018Updated 7 years ago
• sttor / osquery-wazuh-response

  View on GitHub
  Active Response plugin. Osquery to execute wazuh/ossec active response plugins. You can write your own plugins, easy to plug
  ☆11Jun 20, 2020Updated 5 years ago
• mgreen27 / Invoke-LiveResponse

  View on GitHub
  Invoke-LiveResponse
  ☆150Feb 22, 2022Updated 3 years ago
• LETHAL-FORENSICS / macos-collector

  View on GitHub
  macos-collector - Automated Collection of macOS Forensic Artifacts for DFIR
  ☆29Jan 29, 2026Updated 2 weeks ago
• zshehri / MITRE_EDR_Eval

  View on GitHub
  Parsing MITRE EDR Evaluation results
  ☆12Dec 5, 2018Updated 7 years ago
• emadshanab / admin-login

  View on GitHub
  ☆12Jun 16, 2021Updated 4 years ago
• kosborn / auditd-timeline

  View on GitHub
  A parser/timeline creator for auditd logs.
  ☆16Aug 5, 2014Updated 11 years ago
• ag-michael / Inboxscanner

  View on GitHub
  Scan outlook inbox with yara rules,APIs and IOCs
  ☆14Aug 3, 2018Updated 7 years ago
• Silv3rHorn / autoripy

  View on GitHub
  Attempt to replicate the functions of auto_rip by Corey Harrell in Python.
  ☆12Aug 4, 2024Updated last year
• yasser-alghamdi / winterfell-hunt

  View on GitHub
  Winterfell hunt is a python script to perform auto threat hunting for malicious activities in windows OS based on collected data by winte…
  ☆15Jul 23, 2020Updated 5 years ago
• EspressoCake / MITRE_ATTACK_CLI

  View on GitHub
  CLI Search for Security Operators of MITRE ATT&CK URLs
  ☆17Jan 5, 2023Updated 3 years ago
• cottinghamd / HardeningAuditor

  View on GitHub
  Scripts for comparing Microsoft Windows compliance with the ASD 1709 & Office 2016 Hardening Guides
  ☆160Dec 20, 2019Updated 6 years ago
• DFIRKuiper / Kuiper

  View on GitHub
  Digital Forensics Investigation Platform
  ☆872Oct 12, 2024Updated last year
• travisfoley / dfirtriage

  View on GitHub
  Digital forensic acquisition tool for Windows based incident response.
  ☆346May 7, 2024Updated last year
• CrowdStrike / xwf-yara-scanner

  View on GitHub
  ☆92Jul 30, 2025Updated 6 months ago
• kazuminn / vulsbeat

  View on GitHub
  Vuls Beater for Elasticsearch - connecting vuls
  ☆17Dec 15, 2020Updated 5 years ago
• Acceis / BurpScripterPlus

  View on GitHub
  This extension provide a Python panel for writing custom proxy script.
  ☆16Aug 26, 2019Updated 6 years ago
• BSidesVienna / bsidesvienna.github.io

  View on GitHub
  BSidesVienna Homepage
  ☆16Nov 24, 2025Updated 2 months ago
• aashishsec / Subdominator

  View on GitHub
  SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
  ☆18Feb 9, 2024Updated 2 years ago
• ThunderGunExpress / ThunderQuery

  View on GitHub
  ☆12Apr 21, 2019Updated 6 years ago
• markjx / search2018

  View on GitHub
  Tools to search through massive amounts of data
  ☆21Oct 20, 2025Updated 3 months ago
• unicornunicode / FACT

  View on GitHub
  FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise.
  ☆17Aug 30, 2024Updated last year
• vadim-hunter / Detection-Ideas-Rules

  View on GitHub
  Detection Ideas & Rules repository.
  ☆178Sep 10, 2021Updated 4 years ago
• braxtone / PhishReporter-Outlook-Add-In

  View on GitHub
  PhishReporter Outlook Add-In in an Outlook Add-In that allows users to report phishing e-mails to a specific e-mail address for further p…
  ☆35Jan 25, 2017Updated 9 years ago
• mdecrevoisier / Windows-authentication-brutforce-cheatsheet

  View on GitHub
  Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.
  ☆20Jul 1, 2023Updated 2 years ago
• tianyulab / ThreatDetectionRules

  View on GitHub
  威胁检测规则集
  ☆15Jul 5, 2019Updated 6 years ago
• zerber0s / mac_int

  View on GitHub
  macOS Artifact Intelligence Tool
  ☆13Apr 30, 2019Updated 6 years ago
• ydkhatri / jarp

  View on GitHub
  Just Another broken Registry Parser (JARP)
  ☆16May 23, 2024Updated last year
• tomwechsler / Threat_Hunting_with_PowerShell

  View on GitHub
  Security even with a small budget - there is no excuse!
  ☆20May 24, 2023Updated 2 years ago