This project is a SIEM with SIRP and Threat Intel, all in one.

A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you come from where did you go) in Security Incidents and Threat Hunts

Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

VTC - Velociraptor Timeline Creator

CLI generator for Velociraptor offline collector

Scripts to for ready-to-use Velociraptor instance deployment in Azure

Rust DFIR tool that massively parses cross-platform evidence, even deleted logs, into a lateral movement timeline and graph database.

Velociraptor support for VSCode

SECUBIAN is a French Linux distribution focused on evidence processing during Incident Response.

This guide is for setting up Velociraptor in Kubernetes (AWS)

A deployment and testing platform for Velociraptor's client artifacts

Simple anydesk log collector written in VQL for velociraptorIR and is an edited version of the file collector artifact. This file was made while I worked for ESTIJABAH company

A Velociraptor artifact for automated Thor YARA scanning

A GitHub Action to setup Velociraptor

Evidence Collection & Handling Orchestrator

A simulated enterprise DFIR lab environment modeling a corporate LAN with Active Directory, pfSense, Velociraptor, and attacker emulation for incident response and threat investigation.

A DFIR lab demonstrating rapid forensic triage and artifact collection using Velociraptor and KAPE in response to a Mimikatz alert.

A hands-on DFIR investigation using Velociraptor to contain a Mimikatz infection, collect forensic artifacts, and perform network-wide threat hunting.