A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.

This repo is about Active Directory Advanced Threat Hunting

A binary authorization and monitoring system for macOS

Web browser forensics for Google Chrome/Chromium

Collaborative forensic timeline analysis

A simple, easy to use powershell script to remove bloatware apps from windows, disable telemetry, bing in windows search aswell as perform various other changes to declutter and improve your window…

Helm charts for running open source digital forensic tools in Kubernetes

KQL Queries. Microsoft 365 Defender, Microsoft Sentinel

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

A collection of Azure AD/Entra tools for offensive and defensive security purposes

Awesome list of keywords for Threat Hunting sessions

macOS (& ios) Artifact Parsing Tool

The FLARE team's open-source tool to identify capabilities in executable files.

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft 365 Defender.

Free hands-on digital forensics labs for students and faculty

A curated list of awesome forensic analysis tools and resources

Collection of KQL queries

Best Practice Auditd Configuration

Linux audit userspace repository

Rapidly Search and Hunt through Windows Event Logs

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

game of active directory

MemProcFS

TrustedSec Sysinternals Sysmon Community Guide

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover su…

Azure Security Resources and Notes

GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...