OxShaggy's starred repositories
malware_training_vol1
Materials for Windows Malware Analysis training (volume 1)
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
PSPortable
Customized PowerShell environment packaged into a deployable portable package.
macOSTriageCollectionScript
A triage data collection script for macOS
velociraptor
Digging Deeper...
digital-forensics-lab
Free hands-on digital forensics labs for students and faculty
PersistenceSniper
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
win-mal-investigations
Windows Malware Investigation Scripts & Docs
rapid-endpoint-investigations
Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE
AnalyzePDF
Tool to help analyze PDF files
MemProcFS-Analyzer
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
ForensicMiner
A really good DFIR automation for collecting and analyzing evidence, designed for cybersecurity professionals.
DiscordTokenCarver
Carves/steals Discord tokens from the local machine
CSIRT-Collect
PowerShell script to collect memory and (triage) disk forensics
Awesome-KAPE
A curated list of KAPE-related resources
Kape2ADX
This is a project for automating your KAPE process. Currently, this project takes KAPE .zips found in blob storage, turns the artefacts into super timelines, then uploads the .csv back to Blob. You can optionally connect blob as a data source to Azure Data Explorer to then do forensics via KQL.
incident-response-plan-template
A concise, directive, specific, flexible, and free incident response plan template