A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
A curated list of tools for incident response
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Automation and Scaling of Digital Forensics Tools
Query and report user logon relations from MS Windows Security Events
Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to create your own known good hash sets!
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.
Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing