mohamed shabeeb's repositories
Splunk4DFIR
harness the power of Splunk for your investigations
PersistenceSniper
PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistence mechanisms implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
windows-forensic-artifacts
Handbook of Windows forensic artifacts across multiple Windows versions, with interpretation tips and some examples. Work in progress!
Easy_Linux_IR
This repository contains a script that extracts artefacts for incident response and live forensics in Linux environments
Linux-Incident-Response
A practical toolkit for cybersecurity and IT professionals. It features a detailed Linux cheatsheet for incident response
awesome-incident-response
A curated list of tools for incident response
Digital-Forensics-Script-for-Linux
Advanced Bash script designed for conducting digital forensics on Linux systems
AuthLogParser
AuthLogParser is a DFIR tool designed specifically for analyzing Linux authentication logs, commonly known as auth.log
KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
CB-Threat-Hunting
Security operations queries and actions with CarbonBlack Response. Forked from @0xAnalyst
rules
Repository of yara rules
KQL
Threat hunting queries for Microsoft 365 Defender / XDR. Provides out-of-the-box KQL hunting queries for App, Email, Identity and Endpoint.
Device-Wipers
Shell scripts to wipe HDDs, SSDs and USB storage.
WhatMail
WhatMail is a command-line tool that analyzes the header of an email and provides detailed information about various fields.
freki
Malware analysis platform
DFIR-Resources
Some important DFIR Resources
CSS-Exchange
Exchange Server support tools and scripts
awesome-forensics
A curated list of awesome forensic analysis tools and resources
DFIR-Tools
This is the one-stop place where you can find almost all the tools you need for DFIR
Power-Forensics
Power-Forensics is the incident responder's best friend for performing IR and collecting evidence from Linux-based hosts
IR-Flash
Automated script to capture forensic evidence (logs) from a Windows endpoint.
prometheus-course
Course files for Monitoring and Alerting with Prometheus
CBR-Queries
Collection of useful, up-to-date Carbon Black Response queries
hunt-detect-prevent
Lists of sources and utilities utilized to hunt, detect and prevent evildoers.