flare-vm by mandiant

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.

updated at May 12, 2024, 3:20 p.m.

PowerShell

199 +1

5,893 +18

868 +3

GitHub
sysmon-modular by olafhartong

A repository of sysmon configuration modules

updated at May 11, 2024, 11:13 p.m.

PowerShell

164 +0

2,497 +4

567 +0

GitHub
WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)

updated at May 11, 2024, 9:15 p.m.

PowerShell

17 +1

678 +0

74 +0

GitHub
MFT_Browser by kacos2000

$MFT directory tree reconstruction & FILE record info

updated at May 9, 2024, 5:54 a.m.

PowerShell

13 +0

277 +1

30 +0

GitHub
Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.

updated at May 7, 2024, 8:04 p.m.

PowerShell

31 +0

423 +0

84 +0

GitHub
CimSweep by mattifestation

CimSweep is a suite of CIM/WMI-based tools that make it possible to perform incident response and hunting operations remotely across all versions of Windows.

updated at April 28, 2024, 12:09 a.m.

PowerShell

75 +0

634 +0

150 +0

GitHub
Invoke-LiveResponse by mgreen27

Invoke-LiveResponse

updated at April 16, 2024, 12:32 a.m.

PowerShell

13 +0

144 +0

29 +0

GitHub
PowerSponse by swisscom

PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.

updated at Jan. 29, 2024, 5:35 p.m.

PowerShell

15 +0

36 +0

6 +0

GitHub
PowerGRR by swisscom

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

updated at Aug. 26, 2023, 6:23 p.m.

PowerShell

20 +0

56 +0

7 +0

GitHub