Automate the creation of a lab environment complete with security tooling and logging best practices
Windows Events Attack Samples
The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available.
Awesome list of keywords and artifacts for Threat Hunting sessions
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. This project gathers procedural examples from public reports of adversarial activities targeting ESXi hosts.
A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. Please add a new issue if you have an idea for something to add.
The DFIR.Science research blog about digital forensic investigation.
Documentation for DFIR ORC, artefact collection tool dedicated to Microsoft Windows
PoC for onMouseMove HTML file used in the Russian APT Group campaign targeting Ukraine
Tools to perform physical acquisition and other basic tasks for Android.
Common output format for hashlookup
Custom analyzers for the Cortex (https://thehive-project.org/, https://github.com/CERT-BDF/Cortex)
Documentation, cheatsheets and resources regarding digital forensics.
"Fly with me for a minute."