pricklypete-dfir

pricklypete-dfir's Stars

• NationalSecurityAgency/ghidra

  Ghidra is a software reverse engineering (SRE) framework

  Language:Java52.7k1k5k6k

• FreeCAD/FreeCAD

  This is the official source code of FreeCAD, a free and opensource multiplatform 3D parametric modeler.

  Language:C++22.2k5466.4k4.2k

• Velocidex/velociraptor

  Digging Deeper....

  Language:Go3k751.2k498

• salesforce/ja3

  JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

  Language:Python2.8k9652293

• xaitax/TotalRecall

  This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

  Language:Python2k296160

• microsoft/Microsoft-365-Defender-Hunting-Queries

  Sample queries for Advanced hunting in Microsoft 365 Defender

  Language:Jupyter Notebook1.9k19736539

• gamelinux/passivedns

  A network sniffer that logs all DNS server replies for use in a passive DNS setup

  Language:C1.7k16686374

• strandjs/IntroLabs

  These are the labs for my Intro class. Yes, this is public. Yes, this is intentional.

  Language:HTML1.5k6738357

• philhagen/sof-elk

  Configuration files for the SOF-ELK VM

  Language:Shell1.5k111295286

• FalconForceTeam/FalconFriday

  Hunting queries and detections

  73557283

• AndrewRathbun/DFIRMindMaps

  A repository of DFIR-related Mind Maps geared towards the visual learners!

  51631067

• Neo23x0/sysmon-config

  Sysmon configuration file template with default high-quality event tracing

  45838761

• corelight/zeek-cheatsheets

  Zeek Log Cheatsheets

  28533045

• nasbench/MindMaps

  #ThreatHunting #DFIR #Malware #Detection Mind Maps

  28317137

• CrowdStrike/SuperMem

  A python script developed to process Windows memory images based on triage type.

  Language:Python26016341

• MalwareArchaeology/ARTHIR

  ATT&CK Remote Threat Hunting Incident Response

  Language:PowerShell19816039

• Subterfuge-Framework/Subterfuge

  Framework for Man-In-The-Middle attacks

  Language:JavaScript185331959

• corelight/community-id-spec

  An open standard for hashing network flows into identifiers, a.k.a "Community IDs".

  Language:Python174232625

• CrowdStrike/logscale-community-content

  This repository contains Community and Field contributed content for LogScale

  Language:Shell17441229

• ethack/tht

  Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science

  Language:Shell12210219

• philhagen/ip2geo

  Script to perform bulk local GeoIP lookups (ASN and geo) for IP addresses

  Language:Python9815226

• EZToolsManuals/EZToolsManuals

  A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub

  Language:Ruby648575

• corelight/threat-hunting-guide

  4712012

• philhagen/for572-scripts

  A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis

  Language:Shell241019

• philhagen/timeshift

  A python script to shift the timestamp on syslog data. Useful for forensicators combating time skew.

  Language:Python19735

• secshoggoth/presentations

  Repository of the presentations that I have given and released.

  8201

• kiddinn/l2t-tools

  Automatically exported from code.google.com/p/l2t-tools

  Language:Python7201

• AndrewRathbun/KapeDocs

  Documentation repository

  Language:HTML3301

• AndrewRathbun/JumpList

  Language:C#110

• philhagen/yersinia-web

  Yersinia Web

  Language:HTML140