Stars
Simple (relatively) things allowing you to dig a bit deeper than usual.
🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.
IDA plugin which queries language models to speed up reverse-engineering
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (pa…
Go CLI and Library for quickly mapping organization network ranges using ASN information.
🙃 A delightful community-driven (with 2,400+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python…
An automatic unpacker and logger for DotNet Framework targeting files
A collection of MDE KQL hunting queries useful for incident response and threat hunting.
A suite of Tools to aid Incident Response and Live Forensics for - Windows (Powershell) | Linux (Bash) | MacOS (Shell)
Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!
Decompilation as a Service. Explore multiple decompilers and compare their output with minimal effort. Upload binary, get decompilation.
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of U…
Hex diff viewer using alignment algorithms from biology
Collection of scripts / samples / snippets around the community service at www.filescan.io
The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifact validation processes as well as increase access to artifa…
OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat and <UserCid>.dat.previous files.
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
Free hands-on digital forensics labs for students and faculty
ELF file viewer/editor for Windows, Linux and MacOS.
Collection of malware source code for a variety of platforms in an array of different programming languages.
Scan files or process memory for CobaltStrike beacons and parse their configuration
This repo covers some code execution and AV Evasion methods for Macros in Office documents