A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Updated Jan 12, 2026 - Python
IntelOwl: manage your Threat Intelligence at scale
Investigate malicious Windows logons by visualizing and analyzing Windows event logs
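As an added illustration of the kind of logon analysis the entry above refers to (this is example code written for this page, not the listed project's own code), the script below takes Windows Security log events 4624 (successful logon) and 4625 (failed logon), groups failures by source address, and flags two patterns worth escalating: a password spray (one source failing against many distinct accounts) and a brute force (one source hammering one account), in each case checking whether a successful logon from the same source followed within a short window. The events are constructed stand-ins for an EVTX export; the field names (`TargetUserName`, `IpAddress`, `LogonType`, `TimeCreated`) follow the Security log's EventData, and the thresholds and window are arbitrary assumptions to tune for your environment.

```python
"""Added example: flag suspicious logon activity from Windows Security
events 4624 (success) and 4625 (failure). Not code from any project on
this page; the sample events are constructed, not real telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

# Documented Windows logon types (Security log EventData "LogonType").
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}

# Constructed sample events (field names mirror an EVTX JSON export).
SAMPLE_EVENTS = [
    # Password spray: one source, six accounts, then one success.
    *[{"EventID": 4625, "TimeCreated": f"2024-03-01T02:00:{i:02d}",
       "TargetUserName": user, "IpAddress": "203.0.113.7", "LogonType": 3}
      for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])],
    {"EventID": 4624, "TimeCreated": "2024-03-01T02:00:09",
     "TargetUserName": "frank", "IpAddress": "203.0.113.7", "LogonType": 3},
    # Brute force: one account hit 12 times over RDP, then a success.
    *[{"EventID": 4625, "TimeCreated": f"2024-03-01T03:10:{i:02d}",
       "TargetUserName": "admin", "IpAddress": "198.51.100.9", "LogonType": 10}
      for i in range(12)],
    {"EventID": 4624, "TimeCreated": "2024-03-01T03:10:20",
     "TargetUserName": "admin", "IpAddress": "198.51.100.9", "LogonType": 10},
    # Benign: a typo'd password followed by a normal console logon.
    {"EventID": 4624, "TimeCreated": "2024-03-01T08:00:00",
     "TargetUserName": "alice", "IpAddress": "10.0.0.5", "LogonType": 2},
    {"EventID": 4625, "TimeCreated": "2024-03-01T08:01:00",
     "TargetUserName": "alice", "IpAddress": "10.0.0.5", "LogonType": 2},
    {"EventID": 4624, "TimeCreated": "2024-03-01T08:01:10",
     "TargetUserName": "alice", "IpAddress": "10.0.0.5", "LogonType": 2},
]


def _ts(event):
    """Parse the ISO-8601 TimeCreated field into a datetime."""
    return datetime.fromisoformat(event["TimeCreated"])


def analyze_logons(events, window=timedelta(minutes=5),
                   spray_accounts=5, brute_failures=10):
    """Return one finding per suspicious source address.

    A source is flagged as "password_spray" when its failures span at
    least `spray_accounts` distinct accounts, and as "brute_force" when
    any single account fails at least `brute_failures` times. For each
    flagged source, `success_after` lists successful logons from that
    source within `window` after its last failure (the follow-on
    success is what turns noise into an incident). Thresholds are
    assumptions, not values from the page.
    """
    events = sorted(events, key=_ts)
    failures = defaultdict(list)          # source IP -> its 4625 events
    for e in events:
        if e["EventID"] == 4625:
            failures[e["IpAddress"]].append(e)
    successes = [e for e in events if e["EventID"] == 4624]

    findings = []
    for ip, fails in failures.items():
        per_account = defaultdict(int)
        for f in fails:
            per_account[f["TargetUserName"]] += 1
        kinds = []
        if len(per_account) >= spray_accounts:
            kinds.append("password_spray")
        if max(per_account.values()) >= brute_failures:
            kinds.append("brute_force")
        if not kinds:
            continue                      # below both thresholds
        last_fail = _ts(fails[-1])
        follow_on = [s for s in successes
                     if s["IpAddress"] == ip
                     and last_fail <= _ts(s) <= last_fail + window]
        findings.append({
            "source": ip,
            "kinds": kinds,
            "failed_accounts": sorted(per_account),
            "failure_count": sum(per_account.values()),
            "success_after": [(s["TargetUserName"],
                               LOGON_TYPES.get(s["LogonType"], "Unknown"))
                              for s in follow_on],
        })
    return findings


if __name__ == "__main__":
    for finding in analyze_logons(SAMPLE_EVENTS):
        print(finding)
```

In practice you would feed this from an EVTX-to-JSON export rather than an inline list, and the follow-on success is the finding to pivot on: the `LogonType` label tells you whether the attacker landed an interactive or RDP session (type 10) or only a network logon (type 3), which changes what you look for next.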
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Your Everyday Threat Intelligence
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Browser forensics tool for Google Chrome (and other Chromium-based browsers)
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Malcom - Malware Communications Analyzer
A DFIR tool written in Python.
A collection of resources for Threat Hunters
Extract and aggregate threat intelligence.
Automation and Scaling of Digital Forensics Tools
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
A knowledge base of actionable Incident Response techniques
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4