Test Blue Team detections without running any attack. Updated May 2, 2024 - C#
CDIR Analyzer - parsers for data collected by CDIR Collector
A C# (.NET 6) tool to compare the file signature of files recursively and inform the user of matches and mismatches
A Splunk Technology Add-on to forward filtered ETW events.
PurpleSharpEnhanced is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
An updated fork of @AbdulRhmanAlfaifi's EventLogMonitor, which hooks into Windows Event Logs and displays new events as they are written to disk.
Rapid DFIR Triage Collection Tool For Windows, Mac and Linux
An updated fork of @thereisnotime's xxUSBSentinel, a Windows anti-forensics USB monitoring tool.
C# Library and research notes for Windows 11 Notepad State Files
An updated fork of @3lp4tr0n's BeaconHunter. Detect and respond to Cobalt Strike beacons using ETW
Reverse Engineering the Windowstate files for Windows Notepad
An updated fork of @GhostPack's Seatbelt project. Seatbelt is a C# project that performs a number of security-oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
An updated fork of @bacanoicua's RAMDumpExplorer project. This is a program designed to analyze a dump of RAM memory to search for potentially malicious files. The program scans the dump file for specific patterns and uses regular expressions to identify and extract the matched values.
An updated fork of DateDecoder originally by @jacobsoo.
Reverse Engineering the Tabstate files for Windows Notepad