compsecdirect/dfir

GitHub: compsecdirect/dfir

一个数字取证与威胁狩猎相关的脚本工具集合，提供 YARA 规则批量生成、文件夹执行权限禁用等取证辅助能力。

Stars: 1 | Forks: 0

# dfir 与威胁狩猎相关的取证 ## ROCKY ![K4IRW-Rocky-Intro.gif](https://raw.githubusercontent.com/compsecdirect/dfir/main/K4IRW-Rocky-Intro.gif) ## Disable-Folder-Execution.ps1 ``` .\scripts\Disable-Folder-Execution.ps1 ``` ![](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/e2ef985ef9113544.gif) ## multi-yarGen.py ``` python multi-yarGen.py -p "C:\\Users\\Administrator\\Desktop\\test5\" -r "C:\\Users\\Administrator\\Desktop\\rulesout" ``` Debug 参数： ``` -r C:\Users\Administrator\Desktop\rulesout -p C:\Users\Administrator\Desktop\test5\ ``` ![multi-yarGen-Debug](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/a58d031b15113550.gif)

标签：AI合规, DNS 反向解析, IPv6, PowerShell, Python, YARA, 云资产可视化, 后端开发, 安全, 搜索语句（dork）, 无后门, 超时处理, 逆向工具