KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Digital Forensics Incident Response and Detection engineering: Análisis forense de artefactos comunes y no tan comunes. Técnicas anti-forense y detección de técnicas utilizadas por actores maliciosos para la evasión de sistemas de protección y monitorización.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Windows network host hunting at scale!

Collaborative forensic timeline analysis

IntelOwl: manage your Threat Intelligence at scale

GPT-4o based chat model for advanced cyber operations, digital investigations and OSINT.

A cross platform forensic parser written in Rust!

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Cryptocurrency Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!

Helm charts for running open source digital forensic tools in Kubernetes

Archive of presentations shared with the DFIR community.

Harness the power of Splunk for your investigations

Your Everyday Threat Intelligence

A curated list of tools for incident response. With repository stars⭐ and forks🍴

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

Dissect triage script for Citrix NetScaler devices

Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and dissasemble hooks, shellcode, memory regions, modules and processes.

Automation and Scaling of Digital Forensics Tools