Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Practical Windows Forensics Training

SIEM Tactics, Techiques, and Procedures

Timeline of Active Directory changes with replication metadata

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

PowerShell module for Office 365 and Azure log collection

A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.

Invoke-LiveResponse

Powershell module for VMWare vSphere forensics

Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.

PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.

Provides various Windows Server Active Directory (AD) security-focused reports.

A PowerShell incident response script for quick triage

Powershell scripts for automating common system administration, blue team, and digital forensics tasks

Powershell script to help Speed ​​up Threat hunting incident response processes

Tiny proof-of-concept PowerShell script to do threat hunting using ChatGPT (text-davinci-003)

An open source project aimed to replicate the Windows SIFT Machine and tools used during SANS Courses minus any payware software.

incident response scripts

A PS forensics tool for Scraping, Filtering and Exporting Windows Event Logs