PersistenceSniper alternatives for AI agents.

A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID

PowerShell Digital Forensics & Incident Response Scripts.

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Volatility 3.0 development

Digging Deeper....

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

This repo contains the results of an internal re-write of impacket I undertook at my current company. It contains some of the IoCs found within the library

Collaborative Incident Response platform

Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.

Cortex: a Powerful Observable Analysis and Active Response Engine

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.