
mgreen27 / Invoke Liveresponse

Licence: MIT
Invoke-LiveResponse

Programming language: PowerShell

Projects that are alternatives to or similar to Invoke-LiveResponse

Packrat
Live system forensic collector
Stars: ✭ 16 (-86.09%)
Mutual labels:  incident-response, forensics, dfir
MEAT
This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-12.17%)
Mutual labels:  incident-response, forensics, dfir
CCXDigger
The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-60.87%)
Mutual labels:  incident-response, forensics, dfir
Pypowershellxray
Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+66.96%)
Mutual labels:  dfir, incident-response, forensics
uac
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+126.09%)
Mutual labels:  incident-response, forensics, dfir
INDXRipper
Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-72.17%)
Mutual labels:  incident-response, forensics, dfir
RdpCacheStitcher
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+53.04%)
Mutual labels:  incident-response, forensics, dfir
ir scripts
incident response scripts
Stars: ✭ 17 (-85.22%)
Mutual labels:  incident-response, forensics, dfir
CDIR
CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (+6.09%)
Mutual labels:  incident-response, forensics, dfir
MindMaps
#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+94.78%)
Mutual labels:  incident-response, forensics, dfir
PSTrace
Trace ScriptBlock execution for powershell v2
Stars: ✭ 38 (-66.96%)
Mutual labels:  incident-response, forensics, dfir
Ir Rescue
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+170.43%)
Mutual labels:  dfir, incident-response, forensics
Awesome Incident Response
A curated list of tools for incident response
Stars: ✭ 4,753 (+4033.04%)
Mutual labels:  dfir, incident-response
Swap digger
swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
Stars: ✭ 354 (+207.83%)
Mutual labels:  dfir, forensics
Turbinia
Automation and Scaling of Digital Forensics Tools
Stars: ✭ 461 (+300.87%)
Mutual labels:  dfir, forensics
Hindsight
Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+412.17%)
Mutual labels:  dfir, forensics
Thehivedocs
Documentation of TheHive
Stars: ✭ 353 (+206.96%)
Mutual labels:  dfir, incident-response
Diffy
Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+382.61%)
Mutual labels:  dfir, forensics
Information Security Tasks
This repository is created only for infosec professionals who work on a day-to-day basis to equip ourselves with an up-to-date skillset. We can contribute one hour daily for day-to-day tasks and work on problem statements daily. Please contribute by providing problem statements and solutions.
Stars: ✭ 108 (-6.09%)
Mutual labels:  incident-response, forensics
Cortex
Cortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+487.83%)
Mutual labels:  dfir, incident-response

Invoke-LiveResponse

Invoke-LiveResponse is currently scoped as a live response tool for targeted collection. It has two main modes of use, and both are configured through a variety of command line switches.

ForensicCopy

  • Reflectively loads Powerforensics onto target machine to enable raw disk access.
  • Leverages a scriptblock for each configured function of the script.
  • Common forensic artefacts and custom file collections.
  • WinPMem for memory support
  • Depending on the selected switches, each selected capability is joined at run time to build the scriptblock relevant to the use case.

Live Response

  • Inspired by the Kansa Framework, LiveResponse mode will execute any Powershell scripts placed inside a content folder.
  • Results consist of the standard out from the executed content.
  • The benefit of this method is the ability to operationalise new capability easily by dropping in new content with desired StdOut.
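
The following is an added example of what a drop-in content script for LiveResponse mode could look like; it is not from the Invoke-LiveResponse repository. It assumes only what the README states: a .ps1 file placed in the content folder is executed on the target and whatever it writes to standard output is what gets collected. The script name, property names and the choice of artefact (sockets with their owning process) are the example's own. It parses netstat and uses WMI instead of Get-NetTCPConnection so that it also runs on PowerShell 2.0 targets.

```powershell
# Get-NetworkSockets.ps1  (constructed example content script, not part of the project)
# Emits one object per TCP/UDP socket, joined to the owning process, on standard output.
# Assumption: the framework runs this file and records its StdOut as the result.

# netstat -ano lines look like:
#   TCP    0.0.0.0:135      0.0.0.0:0      LISTENING    1024
#   UDP    0.0.0.0:123      *:*                         1432      (UDP has no state column)
$pattern = '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$'

# Build a PID -> process lookup once, so the per-socket loop does not query WMI repeatedly.
$procInfo = @{}
foreach ($proc in (Get-WmiObject -Class Win32_Process)) {
    $procInfo[[string]$proc.ProcessId] = $proc
}

foreach ($line in (netstat -ano)) {
    if ($line -match $pattern) {
        $m      = $matches
        $procId = $m[5]
        $owner  = $procInfo[$procId]

        # Compute the joined fields first; keeps the object literal simple on PowerShell 2.0.
        if ($m[4]) { $state = $m[4] } else { $state = 'N/A' }
        if ($owner) {
            $procName = $owner.Name
            $exePath  = $owner.ExecutablePath
            $cmdLine  = $owner.CommandLine
        } else {
            # Process may have exited between netstat and the WMI query.
            $procName = 'unknown'
            $exePath  = $null
            $cmdLine  = $null
        }

        New-Object PSObject -Property @{
            ComputerName   = $env:COMPUTERNAME
            Collected      = (Get-Date).ToUniversalTime().ToString('o')
            Protocol       = $m[1]
            LocalAddress   = $m[2]
            RemoteAddress  = $m[3]
            State          = $state
            PID            = [int]$procId
            ProcessName    = $procName
            ExecutablePath = $exePath
            CommandLine    = $cmdLine
        }
    }
}
```

Because each record is a plain object rather than formatted text, the collected output can be exported to CSV or JSON and stacked across hosts, which is where a listening socket owned by an unexpected executable path or command line stands out during triage.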

Can be run:

  • Over WinRM (original use)
  • Locally by leveraging the -WriteScriptBlock -LocalOut:$True switches to build a local collection script.
  • Invoke-LiveResponse supports Powershell 2.0 targets and above (excluding custom content)

Installation

Download Invoke-LiveResponse and extract into Powershell profile.

To run: Import-Module Invoke-LiveResponse

Help: Get-Help Invoke-LiveResponse -detailed

One-liner install (if you trust me...)

PS> $url="https://raw.githubusercontent.com/mgreen27/Invoke-LiveResponse/master/Content/Ancillaries/Get-Forensicating.ps1";[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls";$WebClient=(New-Object System.Net.WebClient);$WebClient.Proxy=[System.Net.WebRequest]::GetSystemWebProxy();$WebClient.Proxy.Credentials=[System.Net.CredentialCache]::DefaultNetworkCredentials;Invoke-Expression $WebClient.DownloadString($url)

Documentation

https://github.com/mgreen27/Invoke-LiveResponse/wiki
