Actionable analytics designed to combat threats
Updated May 25, 2022 - Python
DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, Plaso, $MFT, and $J files with AI Artifacts, AI Secret Hunt, process inspection, lateral movement tracking, persistence detection, and VirusTotal enrichment.
A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to create your own known good hash sets!
Open Source Incident Management tool for the cloud native ecosystem
Essential playbooks & runbooks for cybersecurity operations. A dynamic resource for security pros to navigate digital threats, with best practices, incident management protocols, and community-driven updates. Elevate your security strategy and response with our AI-driven guides.
AI-native incident response and on-call platform. PagerDuty and Opsgenie alternative for modern SRE and DevOps teams.
Blue 🧿 Team Welcome to the Blue Team Cyber Investigation Tricks and Tools repository! This collection of resources is designed to aid cybersecurity professionals in defending and securing their networks. Whether you're a seasoned analyst or just getting started, you'll find valuable tools, techniques, and best practices here to enhance you
A forensic visualization tool for Wazuh that transforms Windows process creation logs (Event ID 4688) into interactive, draggable relationship graphs. Optimized for Threat Hunting and Incident Response.
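Reconstructing parent/child relationships from Windows Event ID 4688 records is the core of the graph a tool like the one above draws. The Python below is an added example, not code from the Wazuh project described here: it takes constructed 4688 records (using the EventData field names Windows writes, with PIDs as the hex strings the log contains), links each process to the most recent earlier creation event with the matching PID so that PID reuse does not mis-attach children, renders the tree, and flags the classic Office-application-spawns-shell pattern.

```python
"""Rebuild process trees from Windows 4688 (process creation) events.

Added example; not code from the Wazuh visualization project this page lists.
SAMPLE_4688 is constructed for illustration. Field names follow the 4688 EventData
schema; NewProcessId / CreatorProcessId are hex strings exactly as logged.
"""
from collections import defaultdict

SAMPLE_4688 = [
    {"time": "2024-03-01T09:00:01", "NewProcessId": "0x4d0", "CreatorProcessId": "0x3a8",
     "NewProcessName": r"C:\Windows\explorer.exe", "CommandLine": "C:\\Windows\\Explorer.EXE"},
    {"time": "2024-03-01T09:05:12", "NewProcessId": "0x1a4c", "CreatorProcessId": "0x4d0",
     "NewProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": '"WINWORD.EXE" /n invoice.docm'},
    {"time": "2024-03-01T09:05:40", "NewProcessId": "0x2210", "CreatorProcessId": "0x1a4c",
     "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c powershell.exe -w hidden -nop -c Start-Sleep 1"},
    {"time": "2024-03-01T09:05:41", "NewProcessId": "0x2404", "CreatorProcessId": "0x2210",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -nop -c Start-Sleep 1"},
    # PID 0x2210 is reused later by an unrelated process; its child must attach here, not to cmd.exe
    {"time": "2024-03-01T09:20:00", "NewProcessId": "0x2210", "CreatorProcessId": "0x4d0",
     "NewProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "CommandLine": "chrome.exe"},
    {"time": "2024-03-01T09:20:05", "NewProcessId": "0x2640", "CreatorProcessId": "0x2210",
     "NewProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "chrome.exe --type=renderer"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def build_tree(events):
    """Return (nodes, children). Each node is linked to the most recent earlier
    4688 event whose NewProcessId equals its CreatorProcessId. Windows never hands a
    live PID to a new process, so this resolves reuse correctly as long as the real
    parent's own 4688 event is inside the log window (otherwise parent is None)."""
    ordered = sorted(events, key=lambda e: e["time"])
    nodes, children, last_seen = [], defaultdict(list), {}
    for idx, ev in enumerate(ordered):
        pid, ppid = int(ev["NewProcessId"], 16), int(ev["CreatorProcessId"], 16)
        parent = last_seen.get(ppid)  # None when the parent started before the log begins
        nodes.append({"idx": idx, "pid": pid, "ppid": ppid, "parent": parent, "time": ev["time"],
                      "name": basename(ev["NewProcessName"]), "cmd": ev["CommandLine"]})
        if parent is not None:
            children[parent].append(idx)
        last_seen[pid] = idx  # updated after parent lookup so a process never parents itself
    return nodes, children


def ancestry(nodes, idx):
    """Process names from the root of the tree down to node idx."""
    chain = []
    while idx is not None:
        chain.append(nodes[idx]["name"])
        idx = nodes[idx]["parent"]
    return chain[::-1]


def find_office_spawned_shells(nodes):
    """(parent, child) pairs where an Office application launched a shell/script host."""
    hits = []
    for n in nodes:
        p = n["parent"]
        if p is not None and nodes[p]["name"].lower() in OFFICE_APPS and n["name"].lower() in SHELLS:
            hits.append((nodes[p]["name"], n["name"]))
    return hits


def render(nodes, children, idx=None, depth=0):
    """Indented text rendering of the tree (all roots when idx is None)."""
    roots = [n["idx"] for n in nodes if n["parent"] is None] if idx is None else [idx]
    lines = []
    for r in roots:
        n = nodes[r]
        lines.append("  " * depth + f"{n['name']} (pid {n['pid']}) {n['cmd']}")
        for c in children[r]:
            lines.extend(render(nodes, children, c, depth + 1))
    return lines


if __name__ == "__main__":
    nodes, children = build_tree(SAMPLE_4688)
    print("\n".join(render(nodes, children)))
    for parent, child in find_office_spawned_shells(nodes):
        print(f"ALERT: {parent} spawned {child}")
```

Without 4689 (process exit) events the "most recent earlier creation" rule is the best available disambiguation for PID reuse; if the log window starts after the real parent was created and a later process happened to receive the same PID, the child will be attached to that later process, which is why a full hunt should collect ParentProcessName or Sysmon's ProcessGuid where available.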
Identifies real file types via binary signatures (Magic Numbers) to uncover hidden extensions, detect masqueraded malware, and mitigate phishing vectors.
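Signature-based type identification is straightforward to implement and worth understanding before trusting a tool to do it. The Python below is an added example, not code from the project described here: a small hand-picked signature table (real tools carry hundreds of entries, including signatures at non-zero offsets such as tar's at byte 257), a check that compares the detected type against the file's extension, and a separate check for the double-extension lure (`invoice.pdf.exe`) where the content and the final extension agree but Explorer's hidden-extension default makes the name read as a document. The sample files are constructed in memory.

```python
"""Identify a file's real type from its leading bytes and flag extension masquerading.

Added example; not code from the project this page lists. SIGNATURES is a small
subset of common formats and SAMPLES are constructed in-memory files.
"""
import os

# (magic bytes, byte offset where they appear, type label, extensions normally used for it)
SIGNATURES = [
    (b"MZ", 0, "pe", {".exe", ".dll", ".sys", ".scr", ".cpl"}),
    (b"\x7fELF", 0, "elf", {".elf", ".so", ".o", ""}),
    (b"%PDF-", 0, "pdf", {".pdf"}),
    (b"\x89PNG\r\n\x1a\n", 0, "png", {".png"}),
    (b"\xff\xd8\xff", 0, "jpeg", {".jpg", ".jpeg"}),
    (b"GIF8", 0, "gif", {".gif"}),
    (b"PK\x03\x04", 0, "zip", {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"}),
    (b"Rar!\x1a\x07", 0, "rar", {".rar"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", 0, "ole2", {".doc", ".xls", ".ppt", ".msi", ".msg"}),
    (b"\x1f\x8b", 0, "gzip", {".gz", ".tgz"}),
    (b"ustar", 257, "tar", {".tar"}),
]
TYPE_EXTS = {label: exts for _, _, label, exts in SIGNATURES}
HEADER_LEN = 512  # enough to reach the tar magic at offset 257

# Extensions Windows will execute; a document-looking name ending in one of these is a lure.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1",
                   ".js", ".jse", ".vbs", ".vbe", ".hta", ".msi", ".lnk"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".jpg", ".png"}


def identify(header: bytes) -> str:
    """Type label for the first signature that matches, else 'unknown'."""
    for magic, offset, label, _ in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return label
    return "unknown"


def check_file(name: str, header: bytes) -> dict:
    """Compare detected content type with the name's extension(s) and return a verdict."""
    stem, ext = os.path.splitext(name)
    ext, inner_ext = ext.lower(), os.path.splitext(stem)[1].lower()
    detected = identify(header)
    # content says one thing, extension says another (e.g. a PE named report.pdf)
    mismatch = detected != "unknown" and ext not in TYPE_EXTS[detected]
    # content and final extension agree, but the name is built to hide the executable part
    double_ext = ext in EXECUTABLE_EXTS and inner_ext in DOCUMENT_EXTS
    verdict = "masquerade" if mismatch else "double-extension" if double_ext else "ok"
    return {"name": name, "extension": ext, "detected": detected,
            "mismatch": mismatch, "double_extension": double_ext, "verdict": verdict}


def check_path(path: str) -> dict:
    """Read only the header of a real file on disk and check it."""
    with open(path, "rb") as fh:
        return check_file(os.path.basename(path), fh.read(HEADER_LEN))


# Constructed sample files (name -> leading bytes)
SAMPLES = {
    "quarterly_report.pdf": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56,  # PE under a PDF name
    "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,                     # hidden-extension lure
    "photo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "report.docx": b"PK\x03\x04\x14\x00\x06\x00",                       # OOXML is a zip container
    "notes.txt": b"plain text, no signature",
    "backup.tar": b"\x00" * 257 + b"ustar\x0000",
}


def scan_samples() -> dict:
    """Verdict for each constructed sample."""
    return {name: check_file(name, data)["verdict"] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    import sys
    results = [check_path(p) for p in sys.argv[1:]] or [check_file(n, d) for n, d in SAMPLES.items()]
    for r in results:
        print(f"{r['verdict']:16} {r['detected']:8} {r['name']}")
```

Two caveats a practitioner should keep in mind: a signature match only says the header looks like a format (polyglot files match several at once, and a truncated or zero-filled ZIP/PE is still flagged as one), and an "unknown" type is not a clean bill of health, since scripts and many text-based lures carry no magic at all.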
Top 10 Malware detection projects focus on developing systems and techniques to identify and mitigate malicious software (malware) that can compromise the security of computer systems. Includes Source Code, PPT, Synopsis, Report, Documents, Base Research Paper & Video tutorials
Simplifies the process of gathering information about Indicators of Compromise
Checks a domain in question against VirusTotal (VT)
• Completed a job simulation involving reading web activity logs • Supported a client in a cyber security breach • Answered questions to identify suspicious user activity
Tools to support DFIR investigations
Developed a log analysis system to detect security incidents, reconstruct attack timelines, and identify malicious activity using Linux and Windows logs, demonstrating blue-team threat detection and incident response skills.
Contains a Sysmon configuration optimized for Incident Response (IR) and threat detection.
This package implements multiple libraries and tools to parse, analyze and extract information from disk on the live system.
Enterprise Cloud-Native Adapter specialized in SAP BTP (Kyma/Kubernetes) and Azure monitoring. Integrates SOC/NOC Operations, RPO/RTO optimization, and Business Continuity frameworks for resilient hybrid cloud architectures.
Book #3 CYSA+ Study Material