randomaccess3's Stars
WithSecureLabs/iocs
PuravsPoint/DecipheringUAL
This repo aims to help you decipher the UAL from a Digital Forensics & Incident Response (DFIR) perspective. The UAL is the Microsoft 365 Unified Audit Log.
center-for-threat-informed-defense/attack-flow
Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
google/dfiq
DFIQ is a collection of investigative questions and the approaches for answering them
Ahmed-AL-Maghraby/Windows-Registry-Analysis-Cheat-Sheet
keydet89/RegRipper4.0
RegRipper4.0
opf/openproject
OpenProject is the leading open source project management software.
iluvadev/XstReader
XstReader is an open source viewer for Microsoft Outlook's .ost and .pst files (including those protected by an unknown password). You can view and inspect all content and export messages and attachments (also in .msg format). Written entirely in C#, with no dependency on any Microsoft Office components. This project is the evolution of Dijji's XstReader.
decompiler-explorer/decompiler-explorer
Decompiler Explorer! Compare tools on the forefront of static analysis, now in your web browser!
dfirtrack/dfirtrack
DFIRTrack - The Incident Response Tracking Application
makeplane/plane
🔥 🔥 🔥 Open Source JIRA, Linear and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
intel471/CU-GIR
Cyber Underground General Intelligence Requirements
f-bader/EntraID-ErrorCodes
Entra ID (Azure AD) error codes as JSON
cado-security/varc
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Velocidex/SQLiteHunter
Hunt for SQLite files used by various applications
mvelazc0/BadZure
BadZure orchestrates the setup of Azure AD tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths.
Kielx/AnyGrabber
Simplify AnyDesk log analysis by effortlessly searching, extracting, and generating reports on IP addresses and login dates
dingtoffee/StickyParser
StickyParser - Sticky Notes forensics. A Windows Sticky Notes parser (.snt and plum.sqlite supported). Additional feature: SQLite recovery - deleted content recovery from plum.sqlite or any generic SQLite database.
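SQLiteHunter (above) locates SQLite files regardless of extension, and StickyParser's recovery feature pulls deleted rows back out of plum.sqlite. The two techniques behind those descriptions, header-magic hunting and carving the unallocated space of b-tree pages and freelist pages, are shown below as an added example written for this page; it is not code from either project. It assumes a constructed `notes` table with three rows, file names `plum_off.bin` / `plum_on.bin` chosen here, and a minimum carved-string length of 8. It builds the same database twice, once with `PRAGMA secure_delete` off and once on, and shows that the deleted row is only recoverable in the first case.

```python
"""Constructed example: find SQLite files by header magic and carve deleted
rows out of their free space. Written for this page; not code from
SQLiteHunter or StickyParser."""
import os
import re
import sqlite3
import struct
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"   # first 16 bytes of every SQLite 3 file


def hunt_sqlite(root):
    """Walk `root` and return paths whose first 16 bytes are the SQLite magic.
    Matching on the header rather than the extension catches renamed files
    (plum.sqlite, .db, .sqlite3 or no extension at all)."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    if f.read(16) == SQLITE_MAGIC:
                        hits.append(path)
            except OSError:
                pass
    return sorted(hits)


def carve_free_space(path, min_len=8):
    """Return printable strings found only in the *unallocated* parts of a
    SQLite file: freelist pages, the gap between each b-tree page's cell
    pointer array and its cell content area, and in-page freeblocks.
    Deleted rows sit there until the page is rewritten or the file vacuumed."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:16] != SQLITE_MAGIC:
        raise ValueError("not a SQLite 3 database")
    psize = struct.unpack(">H", data[16:18])[0]
    psize = 65536 if psize == 1 else psize
    npages = len(data) // psize
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    regions = []

    # 1. Freelist: header[32:36] is the first trunk page; a trunk page holds a
    #    4-byte 'next trunk', a 4-byte leaf count, then leaf page numbers.
    free_pages = set()
    trunk = struct.unpack(">I", data[32:36])[0]
    while trunk and trunk <= npages and trunk not in free_pages:
        free_pages.add(trunk)
        page = data[(trunk - 1) * psize:trunk * psize]
        nxt, nleaf = struct.unpack(">II", page[:8])
        for i in range(min(nleaf, (psize - 8) // 4)):
            free_pages.add(struct.unpack(">I", page[8 + 4 * i:12 + 4 * i])[0])
        trunk = nxt
    for pgno in free_pages:
        if 1 <= pgno <= npages:
            regions.append(data[(pgno - 1) * psize:pgno * psize])

    # 2. B-tree pages: leaf headers (0x0d table, 0x0a index) are 8 bytes,
    #    interior headers (0x05, 0x02) are 12 bytes.
    for pgno in range(1, npages + 1):
        if pgno in free_pages:
            continue
        page = data[(pgno - 1) * psize:pgno * psize]
        hdr = 100 if pgno == 1 else 0          # page 1 carries the file header
        ptype = page[hdr]
        if ptype not in (0x02, 0x05, 0x0a, 0x0d):
            continue
        hlen = 8 if ptype in (0x0a, 0x0d) else 12
        first_free, ncells, content = struct.unpack(">HHH", page[hdr + 1:hdr + 7])
        content = content or 65536
        ptr_end = hdr + hlen + 2 * ncells
        regions.append(page[ptr_end:content])   # unallocated gap
        seen = set()                            # guard against freeblock loops
        while first_free and first_free not in seen and first_free + 4 <= psize:
            seen.add(first_free)
            nxt, size = struct.unpack(">HH", page[first_free:first_free + 4])
            regions.append(page[first_free + 4:first_free + size])
            first_free = nxt

    out = []
    for blob in regions:
        out.extend(m.decode("ascii") for m in pattern.findall(blob))
    return out


# Constructed sample rows (not real Sticky Notes content).
NOTES = [
    "Live note: renew the parking permit before Friday",
    "Deleted note: wire transfer reference QX-4471 to vendor",
    "Live note: dentist appointment moved to Tuesday 10:30",
]
DELETED = NOTES[1]


def build_notes_db(path, secure_delete):
    """Create a three-row table and delete the middle row, so the freed cell
    becomes an in-page freeblock rather than extending the unallocated gap."""
    con = sqlite3.connect(path)
    con.execute("PRAGMA secure_delete = %d" % int(secure_delete))
    con.execute("CREATE TABLE notes(id INTEGER PRIMARY KEY, body TEXT)")
    con.executemany("INSERT INTO notes(body) VALUES (?)", [(n,) for n in NOTES])
    con.commit()
    con.execute("DELETE FROM notes WHERE body = ?", (DELETED,))
    con.commit()
    con.close()


def demo():
    """Build two databases differing only in secure_delete, hunt for them by
    magic next to a text decoy, carve each, and return what came back."""
    with tempfile.TemporaryDirectory() as root:
        for flag in ("off", "on"):
            build_notes_db(os.path.join(root, "plum_%s.bin" % flag), flag == "on")
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write(DELETED)            # decoy: same text, not a SQLite file
        found = hunt_sqlite(root)
        result = {"hunted": [os.path.basename(p) for p in found]}
        for p in found:
            key = "secure_delete_" + ("on" if p.endswith("_on.bin") else "off")
            result[key] = carve_free_space(p)
        return result


if __name__ == "__main__":
    r = demo()
    print("SQLite files found:", r["hunted"])
    for k in ("secure_delete_off", "secure_delete_on"):
        print(k, "->", [s for s in r[k] if "note" in s])
```

The carver reads only free space, so live rows never show up in its output; the recovered string carries one leading byte of the old record header (the text column's serial type), which is why callers should match on substrings rather than exact equality. On a real plum.sqlite the same caveat applies as in the demo's second database: if the application or the platform's SQLite build has `secure_delete` enabled, freed cells are zeroed and nothing is left to carve.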
Digital-Forensics-Discord-Server/ArtifactParsers
A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts
blueteam0ps/det-eng-samples
This repository contains sample log data that were collected after running adversary simulations in Microsoft 365
manyfacedllama/amsi-tracer
Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc.) passed into AMSI during dynamic execution.
AbdulRhmanAlfaifi/Fennec
Artifact collection tool for *nix systems
curated-intel/MOVEit-Transfer
A repository for tracking events related to the MOVEit Transfer Cl0p Campaign
cert-orangecyberdefense/ransomware_map
Map tracking ransomware, by the OCD World Watch team
binalyze/dfir-lab
center-for-threat-informed-defense/attack-sync
ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® version updates into their internal systems and processes.
Casualtek/Ransomchats
Cyber-Security-Hub/cyber-security-hub.github.io
Cyber Security Trainings
logpai/loghub
A large collection of system log datasets for AI-driven log analytics [ISSRE'23]
ThreatLabz/ransomware_notes
An Archive of Ransomware Notes Past and Present Collected by Zscaler ThreatLabz