Random Python snippets for reference

DFIR IoC Unit Testing

Powershell wrapper for live memory capture using Winpmem

A collection of small scripts and howto's that where create at one point to solve a certain issue

python framework to parse logs for IR

overview and summation of digital forensics and incident response topic.

DFIR Lab in AWS

This repository contains Dockerfile for the remnux-sift Docker image published in the Docker Hub: https://hub.docker.com/r/yara0/remnux-sift

Azure Resource Graph Helper. Enumerate Azure Resources via Resource Graph to CSV

Criação de novos módulos para a ferramenta forense KAPE.

An updated fork of @moaistory's WinSearchDBAnalyzer project

🚀 IRIS-SOAR: Modular SOAR (Security Orchestration, Automation, and Response) implementation in Python. Designed to complement DFIR-IRIS through playbook automation and seamless integrations. Easily extensible and in active development. Join us in building a tool geared towards enhancing security efficiency!

A collection of spooky scripts that demonstrate the potential of Large Language Models (LLMs) to support CySec tasks.

My collection of write-ups on Cyber Defender Labs provides detailed solutions to various DFIR lab challenges. Each write-up breaks down the steps, tools, and techniques used to approach and resolve each lab, serving as a resource for anyone interested in advancing their skills in cyber defense.

An updated fork of @ignacioj's WMIParserStr project

PowerShell module for creating and managing Sysinternals Sysmon config files.

A 'raw' file copy tool for Windows systems -- bypassing the file mutex

Cross Platform (Go app) - to parse Windows Tasks UTF-16 le ecoded xml files to csv or onscreen tab

DFIRTrack - The Incident Response Tracking Application

Collaborative Incident Response platform