dfir
There are 597 repositories under the dfir topic.
toniblyx/my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
meirwah/awesome-incident-response
A curated list of tools for incident response
LOLBAS-Project/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
zeek/zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
clong/DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
OTRF/ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
cugu/awesome-forensics
⭐️ A curated list of awesome forensic analysis tools and resources
intelowlproject/IntelOwl
IntelOwl: manage your Threat Intelligence at scale
TheHive-Project/TheHive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Neo23x0/Loki
Loki - Simple IOC and YARA Scanner
Security-Onion-Solutions/security-onion
Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
WithSecureLabs/chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
JPCERTCC/LogonTracer
Investigate malicious Windows logon by visualizing and analyzing Windows event log
olafhartong/sysmon-modular
A repository of sysmon configuration modules
google/timesketch
Collaborative forensic timeline analysis
Neo23x0/signature-base
YARA signature and IOC database for my scanners and tools
Yamato-Security/hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
sbousseaden/EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
mattnotmax/cyberchef-recipes
A list of cyber-chef recipes and curated links
yeti-platform/yeti
Your Everyday Threat Intelligence
stuxnet999/MemLabs
Educational, CTF-styled labs for individuals interested in Memory Forensics
mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
maliceio/malice
VirusTotal Wanna Be - Now with 100% more Hipster
Purp1eW0lf/Blue-Team-Notes
You didn't think I'd go and leave the blue team out, right?
api0cradle/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
matanolabs/matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
TheHive-Project/Cortex
Cortex: a Powerful Observable Analysis and Active Response Engine
yampelo/beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Bert-JanP/Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
tomchop/malcom
Malcom - Malware Communications Analyzer
0xrawsec/whids
Open Source EDR for Windows
olafhartong/ThreatHunting
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
obsidianforensics/hindsight
Web browser forensics for Google Chrome/Chromium
cisagov/CHIRP
A DFIR tool written in Python.
fox-it/dissect
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
A3sal0n/CyberThreatHunting
A collection of resources for Threat Hunters