CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine whether they have been impacted by certain high-profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities, all for free.
Stars: ✭ 45 (-29.69%)
ir scripts: incident response scripts
Stars: ✭ 17 (-73.44%)
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+175%)
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+306.25%)
Information Security Tasks: This repository is created only for infosec professionals who work on a day-to-day basis, to equip ourselves with an up-to-date skill set. We can each contribute one hour daily to day-to-day tasks and work on problem statements. Please contribute by providing problem statements and solutions.
Stars: ✭ 108 (+68.75%)
Pypowershellxray: Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+200%)
Packrat: Live system forensic collector
Stars: ✭ 16 (-75%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+250%)
Sleuthkit: The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Stars: ✭ 1,948 (+2943.75%)
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+385.94%)
PSTrace: Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (-40.62%)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (+57.81%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-50%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on OSS tools and libraries
Stars: ✭ 122 (+90.63%)
GDPatrol: A Lambda-powered Security Orchestration framework for AWS GuardDuty
Stars: ✭ 50 (-21.87%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+590.63%)
lsrootkit: Rootkit Detector for UNIX
Stars: ✭ 53 (-17.19%)
CASE: Cyber-investigation Analysis Standard Expression (CASE) Ontology
Stars: ✭ 46 (-28.12%)
dumproid: Android process memory dump tool without the NDK.
Stars: ✭ 55 (-14.06%)
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-65.62%)
siemstress: Very basic CLI SIEM (Security Information and Event Management system).
Stars: ✭ 24 (-62.5%)
MemProcFS-Analyzer: Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (+39.06%)
Vol3xp: Volatility Explorer Suite
Stars: ✭ 31 (-51.56%)
smram parse: System Management RAM analysis tool
Stars: ✭ 50 (-21.87%)
git-forensics-plugin: Jenkins plug-in that mines and analyzes data from a Git repository
Stars: ✭ 19 (-70.31%)
toolset: Useful tools for CTF competitions
Stars: ✭ 31 (-51.56%)
fastfinder: Incident Response - Fast suspicious file finder
Stars: ✭ 116 (+81.25%)
aws-customer-playbook-framework: This repository provides sample templates for security playbooks against various scenarios when using Amazon Web Services.
Stars: ✭ 43 (-32.81%)
rair-core: RAIR: RAdare In Rust
Stars: ✭ 63 (-1.56%)
bootcode parser: A boot record parser that identifies known good signatures for MBR, VBR and IPL.
Stars: ✭ 91 (+42.19%)
pyaff4: The Python implementation of the AFF4 standard.
Stars: ✭ 37 (-42.19%)
Evilize: Parses Windows event log files based on the SANS poster
Stars: ✭ 24 (-62.5%)
sqbrite: SQBrite is a data recovery tool for SQLite databases
Stars: ✭ 27 (-57.81%)
sift-saltstack: Salt States for Configuring the SIFT Workstation
Stars: ✭ 82 (+28.13%)
catalyst: Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (+42.19%)
WiFi-Project: Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️
Stars: ✭ 22 (-65.62%)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (+146.88%)
memscrimper: Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"
Stars: ✭ 25 (-60.94%)
macOS-triage: macOS triage is a Python script to collect various macOS logs, artifacts, and other data.
Stars: ✭ 20 (-68.75%)
CTF-Script-And-Template-Thrift-Shop: [180+ scripts] There are a few genuine gems in there. And a lot of spaghetti code. Most of these scripts were for solving CTFs. If you googled something for a CTF and landed here, look at the scripts; they're all fairly malleable. Sorry for the shitty naming conventions (not really). If you are a recruiter, stop. I won't be able to rewrite half thi…
Stars: ✭ 38 (-40.62%)
LinuxCatScale: Incident Response collection and processing scripts with automated reporting scripts
Stars: ✭ 143 (+123.44%)
Docker-Templates: Docker configurations for TheHive, Cortex and 3rd party tools
Stars: ✭ 71 (+10.94%)
robot hacking manual: Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.
Stars: ✭ 169 (+164.06%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-34.37%)
dcfldd: Enhanced version of dd for forensics and security
Stars: ✭ 27 (-57.81%)
mini-kali: Docker image for hacking
Stars: ✭ 15 (-76.56%)
LevelDBDumper: Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-64.06%)
Imm2Virtual: This is a GUI (for Windows 64-bit) for a procedure to virtualize your EWF (E01), DD (raw) or AFF disk image file without converting it, directly with VirtualBox, in a forensically sound way.
Stars: ✭ 40 (-37.5%)
ingest-file: Ingestors extract the contents of mixed unstructured documents into structured (followthemoney) data.
Stars: ✭ 40 (-37.5%)