Skip to content

ventdrop/DFIR

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
KQLHuntingQueries
KQLHuntingQueries
 
 
SPLHuntingQueries
SPLHuntingQueries
 
 
Scripts
Scripts
 
 
volatility2
volatility2
 
 
README.md
README.md
 
 

Repository files navigation

DFIR Resources

This is a repo that will eventually contain various resources that I have created for use in DFIR/Threat Hunting/Malware Analysis. I am hoping to upload the following:

  • Microsoft Defender Advanced Hunting Queries (KQL)
  • Splunk Queries (SPL)
  • Volatililty Profiles (Linux)
  • Python Scripts
  • Others

These resources are public and available for use

Future blog posts with guides, write-ups and how-to's will be found at https://ventdrop.github.io

Microsoft Defender Advanced Hunting Queries (KQL)

Coming soon

Scripts

Coming soon

Splunk Hunting Queries (SPL)

Coming soon

Volatility2 Profiles

Created using the method described in the following blog post https://andreafortuna.org/2019/08/22/how-to-generate-a-volatility-profile-for-a-linux-system/

CentOS 7 / Red Hat Enterprise Linux (RHEL) 7.9

  • CentOS_3.10.0-1160.105.1.el7.x86_64.zip

Volatility3 Profiles

Coming soon

About

Various, random DFIR resources

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published