xGolani's Stars
ydkhatri/UnifiedLogReader
A parser for Unified logging tracev3 files
mandiant/macos-UnifiedLogs
ydkhatri/mac_apt
macOS (& iOS) Artifact Parsing Tool
CrowdStrike/automactc
AutoMacTC: Automated Mac Forensic Triage Collector
cyb3rmik3/KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
WithSecureLabs/LinuxCatScale
Incident Response collection and processing scripts with automated reporting scripts
Azure/Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
vm32/Linux-Incident-Response
A practical toolkit for cybersecurity and IT professionals. It features a detailed Linux cheatsheet for incident response.
mark-hallman/plaso_filters
Scripts to facilitate filtering with Plaso
log2timeline/plaso
Super timeline all the things
microsoft/avml
AVML - Acquire Volatile Memory for Linux
davehull/Kansa
A PowerShell incident response framework
enigma0x3/Misc-PowerShell-Stuff
random powershell goodness
Wra7h/SharpGhosting
Process Ghosting in C#
keowu/BadRentdrv2
A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering them ineffective, working for both x32 and x64 (CVE-2023-44976).
stuxnet999/EventTranscriptParser
Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
strozfriedberg/sidr
Search Index Database Reporter
Psmths/windows-forensic-artifacts
Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress!
jsecurity101/Detecting-Process-Injection-Techniques
This is a repository that is meant to hold detections for various process injection techniques.
Infocyte/PSHunt
PowerShell Threat Hunting Module
tsale/EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
gtworek/PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual.
CiscoCXSecurity/NeoPI
tstillz/webshell-analyzer
Web shell scanner and analyzer.
emposha/Shell-Detector
Shell Detector is an application that helps you find and identify php/cgi(perl)/asp/aspx shells. Shell Detector has a “web shells” signature database that helps to identify “web shells” up to 99%.
hasherezade/hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
tclahr/uac
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of system artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
tstillz/webshell-scan
Simple web shell scanner written in Golang.
xl7dev/WebShell
Webshell && Backdoor Collection
Abyss-W4tcher/volatility3-symbols
Collection of Linux and macOS Volatility3 Intermediate Symbol Files (ISF), suitable for memory analysis 🔍