Pinned Repositories
aa-tools
Artifact analysis tools by JPCERT/CC Analysis Center
appcompatprocessor
"Evolving AppCompat/AmCache data analysis beyond grep"
Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
BITSInject
A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service), allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account
bro-1
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. Official mirror of git.bro.org/bro.git .
bro-scripts
ChromeHistoryParser-CHP-
Simple python tool to extract useful data from the Chrome History file
dnSpy
.NET assembly editor, decompiler, and debugger
Incident-Playbook
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
logstash-dfir
Logstash configuration files for analyzing various types of logs
DFIRblue's Repositories
DFIRblue/dnSpy
.NET assembly editor, decompiler, and debugger
DFIRblue/Incident-Playbook
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
DFIRblue/aa-tools
Artifact analysis tools by JPCERT/CC Analysis Center
DFIRblue/appcompatprocessor
"Evolving AppCompat/AmCache data analysis beyond grep"
DFIRblue/Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
DFIRblue/BITSInject
A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service), allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account
DFIRblue/Collect-MemoryDump
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
DFIRblue/Dump
Knowledge is power
DFIRblue/elasticsearch-analysis-hebrew
Hebrew analyzer plugin for elasticsearch
DFIRblue/EntityFramework6
This is the codebase for Entity Framework 6 (previously maintained at http://entityframework.codeplex.com). Entity Framework Core is maintained at https://github.com/aspnet/EntityFramework.
DFIRblue/flare-floss
FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.
DFIRblue/ForensicPosters
DFIRblue/hAcKtive-Directory-Forensics
DFIRblue/hindsight
Internet history forensics for Google Chrome/Chromium
DFIRblue/LogFileParser
Parser for $LogFile on NTFS
DFIRblue/MegaDev
Bro IDS + ELK Stack to detect and block data exfiltration
DFIRblue/MITRE_car
Cyber Analytics Repository
DFIRblue/OnionPeeler
Python script to batch query the Tor Relays and Bridges
DFIRblue/OSXAuditor
OS X Auditor is a free Mac OS X computer forensics tool
DFIRblue/pdfalyzer
Analyze PDFs. With colors. And Yara.
DFIRblue/PowerForensics
PowerForensics provides an all-in-one platform for live disk forensic analysis
DFIRblue/security-onion
Linux distro for IDS, NSM, and Log Management
DFIRblue/theHarvester
E-mail, subdomain and people names harvester
DFIRblue/TheHiveDocs
Documentation of TheHive
DFIRblue/ThreatHunter-Playbook
A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
DFIRblue/volatility
An advanced memory forensics framework
DFIRblue/WINspect
Powershell-based Windows Security Auditing Toolbox
DFIRblue/yaralyzer
Visually inspect YARA and regex matches found in both binary and text data.
DFIRblue/yarp
Yet another registry parser
DFIRblue/yeti
Your Everyday Threat Intelligence