Swap digger: swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (+1585.71%)
minerchk: Bash script to check for malicious cryptomining
Stars: ✭ 36 (+71.43%)
Cyberchef Recipes: A list of CyberChef recipes and curated links
Stars: ✭ 619 (+2847.62%)
Threatpinchlookup: Documentation and sharing repository for the ThreatPinch Lookup Chrome & Firefox extension
Stars: ✭ 257 (+1123.81%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+2004.76%)
Loki: Loki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+10457.14%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection mind maps
Stars: ✭ 224 (+966.67%)
factual-rules-generator: Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Stars: ✭ 62 (+195.24%)
Mac apt: macOS Artifact Parsing Tool
Stars: ✭ 329 (+1466.67%)
SuperLibrary: Information Security Library
Stars: ✭ 60 (+185.71%)
decwindbx: A sort of a toolkit to decrypt Dropbox Windows DBX files
Stars: ✭ 22 (+4.76%)
hayabusa: Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+4223.81%)
ThePhish: ThePhish: an automated phishing email analysis tool
Stars: ✭ 676 (+3119.05%)
fastfinder: Incident Response - Fast suspicious file finder
Stars: ✭ 116 (+452.38%)
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+738.1%)
Python Iocextract: Defanged Indicator of Compromise (IOC) Extractor.
Stars: ✭ 300 (+1328.57%)
zeek-docs: Documentation for Zeek
Stars: ✭ 41 (+95.24%)
CASE: Cyber-investigation Analysis Standard Expression (CASE) Ontology
Stars: ✭ 46 (+119.05%)
TheHiveHooks: This is a Python tool aiming to make using TheHive webhooks easier.
Stars: ✭ 22 (+4.76%)
Diffy: Diffy is a triage tool used during cloud-centric security incidents to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+2542.86%)
pyarascanner: A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (+9.52%)
EventTranscript.db-Research: A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Stars: ✭ 33 (+57.14%)
Security Onion: Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+13976.19%)
Adtimeline: Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (+1100%)
Whatfiles: Log what files are accessed by any Linux process
Stars: ✭ 800 (+3709.52%)
Oriana: Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (+623.81%)
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (+4.76%)
Mthc: All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (+538.1%)
Vast: 🔮 Visibility Across Space and Time
Stars: ✭ 227 (+980.95%)
pyaff4: The Python implementation of the AFF4 standard.
Stars: ✭ 37 (+76.19%)
Atc React: A knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (+976.19%)
Lolbas: Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 3,810 (+18042.86%)
Malwless: Test Blue Team detections without running any attack.
Stars: ✭ 215 (+923.81%)
ForensicsTools: A list of free and open forensics analysis tools and other resources
Stars: ✭ 392 (+1766.67%)
Dfir Orc: Forensics artefact collection tool for systems running Microsoft Windows
Stars: ✭ 202 (+861.9%)
Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (+1990.48%)
yara-validator: Validates YARA rules and tries to repair the broken ones.
Stars: ✭ 37 (+76.19%)
Whids: Open Source EDR for Windows
Stars: ✭ 188 (+795.24%)
Cirtkit: Tools for the Computer Incident Response Team 💻
Stars: ✭ 117 (+457.14%)
Imago Forensics: Imago is a Python tool that extracts digital evidence from images.
Stars: ✭ 175 (+733.33%)
pftriage: Python tool and library to help analyze files during malware triage and analysis.
Stars: ✭ 77 (+266.67%)
hotoloti: Documentation, scripts and tools related to Zena Forensics (http://blog.digital-forensics.it)
Stars: ✭ 66 (+214.29%)
Cacador: Indicator Extractor
Stars: ✭ 115 (+447.62%)
DDTTX: DDTTX Tabletop Trainings
Stars: ✭ 22 (+4.76%)
Logontracer: Investigate malicious Windows logons by visualizing and analyzing Windows event logs
Stars: ✭ 1,914 (+9014.29%)
Yobi: YARA-based detection engine for web browsers
Stars: ✭ 39 (+85.71%)
Timesketch: Collaborative forensic timeline analysis
Stars: ✭ 1,795 (+8447.62%)
Red-Rabbit-V4: The Red Rabbit project is just what a hacker needs for everyday automation. Unlike most frameworks out there, Red Rabbit does not automate other people's tools such as the aircrack suite or the wifite framework; it has its own code and is raw source with over 270 options. This framework might just be your everyday key to your workflow.
Stars: ✭ 123 (+485.71%)
Zeek: Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Stars: ✭ 4,180 (+19804.76%)
Lolbas: Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 1,506 (+7071.43%)
VanillaWindowsReference: A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version, to compare and see what's been added with each update.
Stars: ✭ 24 (+14.29%)
Evilize: Parses Windows event log files based on the SANS poster
Stars: ✭ 24 (+14.29%)
Cortex4py: Python API client for Cortex
Stars: ✭ 22 (+4.76%)
Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+3414.29%)
PSTrace: Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (+80.95%)