A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Updated Feb 15, 2024 - Python
IntelOwl: manage your Threat Intelligence at scale
Investigate malicious Windows logon by visualizing and analyzing Windows event log
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Your Everyday Threat Intelligence
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Web browser forensics for Google Chrome/Chromium
Malcom - Malware Communications Analyzer
A DFIR tool written in Python.
A collection of resources for Threat Hunters
Extract and aggregate threat intelligence.
Automation and Scaling of Digital Forensics Tools
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
A knowledge base of actionable Incident Response techniques
Warning lists to inform users of MISP about potential false-positives or other information in indicators