Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (+143.48%)
VanillaWindowsReference: A repo that contains recursive directory listings (generated with PowerShell) of a vanilla (clean) install of every Windows OS version, for comparing what has been added with each update.
Stars: ✭ 24 (-79.13%)
Memlabs: Educational, CTF-styled labs for individuals interested in memory forensics
Stars: ✭ 696 (+505.22%)
Thehivedocs: Documentation of TheHive
Stars: ✭ 353 (+206.96%)
decwindbx: A toolkit to decrypt Dropbox Windows DBX files
Stars: ✭ 22 (-80.87%)
Forensic Tools: CIRCL system forensic tools, or a jumble of tools to support forensics
Stars: ✭ 27 (-76.52%)
Attackdatamap: A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+129.57%)
Etl Parser: Event Trace Log file parser in pure Python
Stars: ✭ 66 (-42.61%)
minerchk: Bash script to check for malicious cryptomining
Stars: ✭ 36 (-68.7%)
Hindsight: Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+412.17%)
Lookyloo: A web interface that lets users capture a web page and then display a tree of the domains that call each other.
Stars: ✭ 381 (+231.3%)
ir scripts: Incident response scripts
Stars: ✭ 17 (-85.22%)
Malcom: Malware Communications Analyzer
Stars: ✭ 988 (+759.13%)
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+170.43%)
Signature Base: Signature base for my scanner tools
Stars: ✭ 1,212 (+953.91%)
Detectionlabelk: DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Stars: ✭ 273 (+137.39%)
Cortex4py: Python API client for Cortex
Stars: ✭ 22 (-80.87%)
Threatpinchlookup: Documentation and sharing repository for the ThreatPinch Lookup Chrome & Firefox extension
Stars: ✭ 257 (+123.48%)
Threathunt: ThreatHunt is a PowerShell repository that lets you train your threat hunting skills.
Stars: ✭ 92 (-20%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (-42.61%)
Cortex: A powerful observable analysis and active response engine
Stars: ✭ 676 (+487.83%)
factual-rules-generator: An open source project that aims to generate YARA rules describing the software installed on a machine.
Stars: ✭ 62 (-46.09%)
Autotimeliner: Automagically extract a forensic timeline from a volatile memory dump
Stars: ✭ 54 (-53.04%)
fastfinder: Incident Response - Fast suspicious file finder
Stars: ✭ 116 (+0.87%)
Turbinia: Automation and scaling of digital forensics tools
Stars: ✭ 461 (+300.87%)
Zeek: A powerful network analysis framework that is quite different from the typical IDS you may know.
Stars: ✭ 4,180 (+3534.78%)
artifactcollector: 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (+21.74%)
Historicprocesstree: An incident response tool that visualizes historic process execution evidence (based on Security Event ID 4688, the process creation event) in a tree view.
Stars: ✭ 46 (-60%)
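The core of a 4688-based tree is linking each new process to its creator; the trap is that Windows reuses PIDs, so a child must be attached to the creator instance that was most recently created before the child, not simply to "whatever had that PID". The following is an added example and not code from the Historicprocesstree project; the event records are constructed inline to mimic the relevant 4688 fields (TimeCreated, NewProcessId, NewProcessName, CreatorProcessId), and a real run would populate them from an EVTX export or SIEM query.

```python
"""Rebuild a historic process tree from Windows Security Event ID 4688 records.

Added example (not the Historicprocesstree project's code). The sample records
below are constructed; the field names mirror the 4688 event data. PID 0x1234 is
deliberately reused by a later, unrelated process to show the linking rule.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional


@dataclass(eq=False)
class Proc:
    pid: int
    name: str
    created: datetime
    parent: Optional["Proc"] = field(default=None, repr=False)
    children: List["Proc"] = field(default_factory=list, repr=False)

    @property
    def basename(self) -> str:
        return self.name.rsplit("\\", 1)[-1]


# Constructed sample events, in the shape of 4688 event data (hex PIDs as logged).
SAMPLE_4688 = [
    {"TimeCreated": "2024-03-01T09:00:00", "NewProcessId": "0x1f4",
     "NewProcessName": r"C:\Windows\explorer.exe", "CreatorProcessId": "0x2bc"},
    {"TimeCreated": "2024-03-01T09:01:00", "NewProcessId": "0x1234",
     "NewProcessName": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "CreatorProcessId": "0x1f4"},
    {"TimeCreated": "2024-03-01T09:02:00", "NewProcessId": "0xabc",
     "NewProcessName": r"C:\Windows\System32\cmd.exe", "CreatorProcessId": "0x1234"},
    {"TimeCreated": "2024-03-01T09:02:30", "NewProcessId": "0xdef",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "CreatorProcessId": "0xabc"},
    # PID 0x1234 is reused an hour later by notepad; calc must attach to notepad, not WINWORD.
    {"TimeCreated": "2024-03-01T10:00:00", "NewProcessId": "0x1234",
     "NewProcessName": r"C:\Windows\System32\notepad.exe", "CreatorProcessId": "0x1f4"},
    {"TimeCreated": "2024-03-01T10:00:10", "NewProcessId": "0x999",
     "NewProcessName": r"C:\Windows\System32\calc.exe", "CreatorProcessId": "0x1234"},
]


def build_tree(events) -> List[Proc]:
    """Return root processes (those whose creator never appeared in a 4688 event)."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["TimeCreated"]))
    seen: Dict[int, List[Proc]] = {}  # pid -> instances with that PID, in creation order
    roots: List[Proc] = []
    for e in ordered:
        proc = Proc(int(e["NewProcessId"], 16), e["NewProcessName"],
                    datetime.fromisoformat(e["TimeCreated"]))
        ppid = int(e["CreatorProcessId"], 16)
        # Most recent instance of the creator PID that existed before this process.
        parent = next((c for c in reversed(seen.get(ppid, [])) if c.created <= proc.created), None)
        if parent is None:
            roots.append(proc)
        else:
            proc.parent = parent
            parent.children.append(proc)
        seen.setdefault(proc.pid, []).append(proc)
    return roots


def render(roots: List[Proc], indent: int = 0) -> List[str]:
    """Indented text view of the tree, one line per process."""
    lines = []
    for r in roots:
        lines.append("  " * indent + f"{r.basename} (pid {r.pid:#x}, {r.created:%H:%M:%S})")
        lines.extend(render(r.children, indent + 1))
    return lines


def find_process(roots: List[Proc], basename: str) -> Optional[Proc]:
    """Depth-first lookup by executable name (first match)."""
    stack = list(roots)
    while stack:
        node = stack.pop()
        if node.basename.lower() == basename.lower():
            return node
        stack.extend(node.children)
    return None


def ancestry(proc: Optional[Proc]) -> List[str]:
    """Executable names from the root down to proc, e.g. to spot Office -> cmd -> PowerShell chains."""
    chain = []
    while proc is not None:
        chain.append(proc.basename)
        proc = proc.parent
    return chain[::-1]


if __name__ == "__main__":
    print("\n".join(render(build_tree(SAMPLE_4688))))
```

Only the creator PID is used here because older Windows builds do not log ParentProcessName in 4688; where that field is present it is a useful cross-check that the chosen parent instance is the right one.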
Swap digger: swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (+207.83%)
Sysmon Modular: A repository of sysmon configuration modules
Stars: ✭ 1,229 (+968.7%)
Mac apt: macOS Artifact Parsing Tool
Stars: ✭ 329 (+186.09%)
Beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+748.7%)
Python Iocextract: Defanged Indicator of Compromise (IOC) extractor.
Stars: ✭ 300 (+160.87%)
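Defanged indicators (hxxp://, [.], [@] and friends) defeat plain URL and IP regexes, so the usual approach is to refang the text first and then extract. The block below is an added example, not code from the iocextract project: it normalises the common defanging conventions, then pulls URLs, IPv4 addresses, e-mail addresses, hashes and the domains implied by the URLs and e-mails. The report text is constructed; the two hash values are the well-known MD5 of the EICAR test file and the SHA-256 of the empty string, used only as syntactically valid samples.

```python
"""Refang and extract IOCs from analyst text (added example, not iocextract's code)."""
import re
from typing import Dict, List
from urllib.parse import urlsplit

# Refang rules, applied in order: scheme first, then dots, then other separators.
_REFANG = [
    (re.compile(r"(?i)hxxp"), "http"),
    (re.compile(r"(?i)\bfxp"), "ftp"),
    (re.compile(r"(?i)[\[\(\{]\s*(?:\.|dot)\s*[\]\)\}]"), "."),  # [.] (.) {.} [dot]
    (re.compile(r"\\\."), "."),                                  # escaped dot: a\.b
    (re.compile(r"(?i)[\[\(]\s*(?:@|at)\s*[\]\)]"), "@"),         # [@] (at)
    (re.compile(r"\[://\]"), "://"),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[/\]"), "/"),
]

URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s<>\"'()]+", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@(?:[\w-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
HASH_RES = {
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.IGNORECASE),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.IGNORECASE),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE),
}

# Constructed sample report text mixing defanged and already-clean indicators.
SAMPLE_REPORT = """Observed C2 at hxxps://evil[.]example[.]com/gate.php and hxxp://203[.]0[.]113[.]45:8080/a
Secondary payload fetched from 198.51.100.7 (already refanged).
Dropper md5: 44d88612fea8a8f36de82e1278abb02f
Config sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Sender: attacker[@]example[.]org
"""


def refang(text: str) -> str:
    """Undo the common defanging conventions so standard regexes can match."""
    for rx, repl in _REFANG:
        text = rx.sub(repl, text)
    return text


def extract_iocs(text: str) -> Dict[str, object]:
    """Refang, then extract URLs, IPv4s, emails, hashes and derived domains (deduplicated, sorted)."""
    clean = refang(text)
    urls = sorted({u.rstrip(".,;:!?") for u in URL_RE.findall(clean)})
    ips = sorted(set(IPV4_RE.findall(clean)))
    emails = sorted({e.lower() for e in EMAIL_RE.findall(clean)})
    domains = set()
    for u in urls:
        host = urlsplit(u).hostname
        if host and not IPV4_RE.fullmatch(host):  # keep hostnames, not literal IPs
            domains.add(host.lower())
    for e in emails:
        domains.add(e.split("@", 1)[1])
    hashes: Dict[str, List[str]] = {
        kind: sorted({h.lower() for h in rx.findall(clean)}) for kind, rx in HASH_RES.items()
    }
    return {"urls": urls, "ipv4": ips, "domains": sorted(domains), "emails": emails, "hashes": hashes}


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        print(kind, values)
```

The word-boundary anchors on the hash patterns matter: without them the 32-character MD5 pattern also fires inside every SHA-1 and SHA-256 string in the text.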
Awesome Forensics: A curated list of awesome forensic analysis tools and resources
Stars: ✭ 1,775 (+1443.48%)
Security Onion: Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+2470.43%)
Artifacts: 📇 Digital Forensics Artifact Repository (forensicanalysis edition)
Stars: ✭ 21 (-81.74%)
Lolbas: Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 3,810 (+3213.04%)
Lw Yara: YARA ruleset for scanning Linux servers for shells, spamming, phishing and other web server baddies
Stars: ✭ 78 (-32.17%)
Kuiper: Digital Forensics Investigation Platform
Stars: ✭ 257 (+123.48%)
Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+541.74%)
Yobi: YARA-based detection engine for web browsers
Stars: ✭ 39 (-66.09%)
Lolbas: Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 1,506 (+1209.57%)
yara-rules: YARA rules written by me, for free use.
Stars: ✭ 13 (-88.7%)
Opensource-Endpoint-Monitoring: This repository contains all the config files and scripts used for our open source endpoint monitoring project.
Stars: ✭ 30 (-73.91%)
Mimir: Smart OSINT collection of common IOC types
Stars: ✭ 63 (-45.22%)
hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report which files are known and unknown to the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Stars: ✭ 43 (-62.61%)
Cyberchef Recipes: A list of CyberChef recipes and curated links
Stars: ✭ 619 (+438.26%)
WindowsDFIR: Repository of various Windows DFIR related commands, PowerShell cmdlets, etc., plus workshops that I did for different conferences or events.
Stars: ✭ 51 (-55.65%)
Malice: VirusTotal Wanna Be - Now with 100% more Hipster
Stars: ✭ 1,253 (+989.57%)
Diffy: Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+382.61%)
IRScripts: Incident Response Scripts
Stars: ✭ 29 (-74.78%)
Scripting: PS / Bash / Python / other scripts, for fun!
Stars: ✭ 47 (-59.13%)
Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (+281.74%)
Kiewtai: A port of Kaitai to the Hiew hex editor
Stars: ✭ 108 (-6.09%)
Yeti: Your Everyday Threat Intelligence
Stars: ✭ 1,037 (+801.74%)