335 Open source projects that are alternatives of or similar to calamity

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

Yara rules written by me, for free use.

VirusTotal Wanna Be - Now with 100% more Hipster

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Hunt malware with Volatility

Python tool and library to help analyze files during malware triage and analysis.

Malcom - Malware Communications Analyzer

Tools for the Computer Incident Response Team 💻

A library for financial options pricing written in Python.

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

Community modules for FAME

Provides various Windows Server Active Directory (AD) security-focused reports.

Python 3 Script to parse out iTunes backups

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

A list of awesome malware detection tools

Malice Yara Plugin

Option pricing based on Black-Scholes processes, Monte-Carlo simulations with Geometric Brownian Motion, historical volatility, implied volatility, Greeks hedging

Run several volatility plugins at the same time

A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.

Dumps all of the Key/Value pairs from a LevelDB database

Just a normal flask web app to understand win32api with code snippets and references.

Volatility Explorer Suit

Analyst Unknown Cyber Range - a micro web service framework

A Splunk Technology Add-on to forward filtered ETW events.

Parses Windows event logs files based on SANS Poster

A Binary Genetic Traits Lexer Framework

Docker configurations for TheHive, Cortex and 3rd party tools

DDTTX Tabletop Trainings

Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection

Defund the Police.

Emulate and Dissect MSF and *other* attacks

Write-ups for FireEye's FLARE-On challenges

Tools for inspecting disk images

Fuzzy Hash calculated from import API of PE files

Materials for a course based on the Practical Malware Analysis text by Andrew Honig and Michael Sikorski

OLE Package Format Documentation

Validates yara rules and tries to repair the broken ones.

Hexrays decompiler plugin that colorizes and filters the decompiler's output based on regular expressions

Personal research and publication on malware families

Carve file metadata from NTFS index ($I30) attributes

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

Extract OLEv1 objects from RTF files by instrumenting Word

The Cross Platform AutoIt Extractor

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

Anti-Malware for minecraft

Virustotal Data to Timesketch

Implementation of the DIMVA 2017 publication "Quincy: Detecting Host-Based Code Injection Attacks in Memory Dumps"

System Management RAM analysis tool

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Trace ScriptBlock execution for powershell v2

Minimalistic DNS logging tool

Java-layer Android Malware Simplifier

FinSpy for Android technical analysis and tools

PowerShell module for Office 365 and Azure log collection

Simple windows API logger

SQLite queries

A machine learning tool that ranks strings based on their relevance for malware analysis.

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

Information Security Library

Python client for Assemblyline 3 and 4 / Client python pour AssemblyLine 3 and 4