theArchitect0x12's repositories
MDE-DFIR-Resources
A curated list of resources for DFIR through Microsoft Defender for Endpoint, leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud, and more.
awesome-executable-packing
A curated list of awesome resources related to executable packing
InsightEngineering
Hardcore Debugging
protections-artifacts
Elastic Security detection content for Endpoint
Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
Microsoft-Analyzer-Suite
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
wiskess_rust
WISKESS automates the Windows evidence processing for Incident Response investigations. Rust version.
donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
windows-drivers-rs
Platform that enables Windows driver development in Rust. Developed by Surface.
Windows-driver-samples
This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
forensictools
Collection of forensic tools
windows-syscalls
Windows System Call Tables (NT/2000/XP/2003/Vista/2008/7/2012/8/10)
Supernova
Real fucking shellcode encryptor & obfuscator tool
XProtect-Malware-Families
Mapping XProtect's obfuscated malware family names to common industry names.
awesome-incident-response
A curated list of tools for incident response
EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
OffensiveRust
Rust Weaponization for Red Team Engagements.
LinuxForensics
Everything related to Linux Forensics
ArtifactParsers
A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts