Lookyloo: Lookyloo is a web interface that allows users to capture a website page and then display a tree of the domains that call each other.
Stars: ✭ 381 (+1311.11%)
uac: UAC is a live response collection script for incident response that makes use of native binaries and tools to automate the collection of artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems.
Stars: ✭ 260 (+862.96%)
Opensource-Endpoint-Monitoring: This repository contains all the config files and scripts used for our Open Source Endpoint Monitoring project.
Stars: ✭ 30 (+11.11%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector, a live collection tool built on open-source tools and libraries.
Stars: ✭ 122 (+351.85%)
Imago Forensics: Imago is a Python tool that extracts digital evidence from images.
Stars: ✭ 175 (+548.15%)
Splunk-ETW: A Splunk Technology Add-on to forward filtered ETW (Event Tracing for Windows) events.
Stars: ✭ 26 (-3.7%)
hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report files that are found and not found in the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Stars: ✭ 43 (+59.26%)
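The workflow that entry describes (hash every file under a target, ask a known-file service about each hash, report the two sets) is short enough to show end to end. The block below is an added example, not hashlookup-forensic-analyser's own code. The lookup is pluggable so the walk can run offline against a local set; the online variant assumes the CIRCL hashlookup API answers GET /lookup/sha1/<hash> with HTTP 200 for a known hash and 404 for an unknown one. The sample directory contents are constructed.

```python
"""Added example (not the project's code): hash a directory tree and split the
files into 'known' and 'unknown' using a pluggable hash-lookup function."""
import hashlib
import os
import tempfile
from typing import Callable, Dict, Iterable, List, Tuple

# Assumption about the public service: 200 + JSON for a known SHA-1, 404 otherwise.
HASHLOOKUP_SHA1_URL = "https://hashlookup.circl.lu/lookup/sha1/{}"


def sha1_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large evidence files do not have to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def hash_tree(root: str) -> Dict[str, str]:
    """Map relative path -> SHA-1 for every regular file under root.
    Symlinked files and directories are skipped, so a link that points outside
    the mounted image cannot pull the analyst's own host files into the report."""
    result: Dict[str, str] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if not os.path.islink(os.path.join(dirpath, d))]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            result[os.path.relpath(full, root)] = sha1_of_file(full)
    return result


def classify(hashes: Dict[str, str], is_known: Callable[[str], bool]):
    """Partition {path: sha1} into (found, not_found) according to is_known()."""
    found: Dict[str, str] = {}
    not_found: Dict[str, str] = {}
    for rel, digest in hashes.items():
        (found if is_known(digest) else not_found)[rel] = digest
    return found, not_found


def known_set_lookup(known: Iterable[str]) -> Callable[[str], bool]:
    """Offline stand-in for the service: membership in a local set of SHA-1s
    (for example one exported from a previous run or a vendor hash list)."""
    known_upper = {k.upper() for k in known}
    return lambda digest: digest.upper() in known_upper


def hashlookup_online(digest: str) -> bool:
    """Live lookup against the CIRCL service (assumed 200 / 404 contract above).
    Not exercised by the demo so the example stays runnable offline."""
    import urllib.error
    import urllib.request
    try:
        with urllib.request.urlopen(HASHLOOKUP_SHA1_URL.format(digest), timeout=10) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise


def demo() -> Tuple[List[str], List[str]]:
    """Constructed target: one file whose hash is in the known set, one that is not."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ls"), "wb") as fh:
            fh.write(b"known-good binary contents\n")
        with open(os.path.join(root, "tmp.bin"), "wb") as fh:
            fh.write(b"something the vendor never shipped\n")
        known = {hashlib.sha1(b"known-good binary contents\n").hexdigest()}
        found, not_found = classify(hash_tree(root), known_set_lookup(known))
        return sorted(found), sorted(not_found)


if __name__ == "__main__":
    print(demo())
```

Swapping `known_set_lookup(...)` for `hashlookup_online` turns the same walk into a live triage run; the "not found" set is what deserves the analyst's attention, while a file whose hash is known is only as trustworthy as the list that knows it.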
Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (+1525.93%)
pftriage: Python tool and library to help analyze files during malware triage and analysis.
Stars: ✭ 77 (+185.19%)
Zombieant: Zombie Ant Farm: primitives and offensive tooling for Linux EDR evasion.
Stars: ✭ 169 (+525.93%)
Queries: SQLite queries
Stars: ✭ 57 (+111.11%)
WindowsDFIR: Repository of Windows DFIR-related commands, PowerShell cmdlets, etc., plus workshops that I did for different conferences and events.
Stars: ✭ 51 (+88.89%)
Blue-Team-Notes: You didn't think I'd go and leave the blue team out, right?
Stars: ✭ 899 (+3229.63%)
Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+2633.33%)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices.
Stars: ✭ 101 (+274.07%)
GetConsoleHistoryAndOutput: An incident response tool to extract console command history and the screen output buffer.
Stars: ✭ 41 (+51.85%)
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+1051.85%)
BlueCloud: Cyber range including Velociraptor and a HELK system with a Windows VM for security testing and R&D. Azure and AWS Terraform support.
Stars: ✭ 88 (+225.93%)
IRScripts: Incident Response Scripts
Stars: ✭ 29 (+7.41%)
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (+14.81%)
Hindsight: Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+2081.48%)
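The core of Chrome history forensics is two things that trip people up: the History SQLite file stores times as microseconds since 1601-01-01 UTC (the WebKit epoch, not Unix time), and the visits.transition integer packs the navigation type into its low byte with qualifier flags in the high bits. The block below is an added example, not Hindsight's code; it builds an in-memory database with a constructed subset of Chrome's real urls/visits schema (the real file has many more columns and tables), converts the timestamps, decodes transitions and reconstructs the referrer chain through from_visit.

```python
"""Added example (not Hindsight's code): read Chrome History visits, convert
WebKit timestamps and decode transition values. Sample rows are constructed."""
import sqlite3
from datetime import datetime, timedelta, timezone

# Chrome/WebKit epoch: microseconds since 1601-01-01T00:00:00Z.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Low byte of visits.transition is the core PageTransition type.
CORE_TRANSITIONS = {0: "LINK", 1: "TYPED", 2: "AUTO_BOOKMARK", 3: "AUTO_SUBFRAME",
                    4: "MANUAL_SUBFRAME", 5: "GENERATED", 6: "AUTO_TOPLEVEL",
                    7: "FORM_SUBMIT", 8: "RELOAD", 9: "KEYWORD", 10: "KEYWORD_GENERATED"}
# High-bit qualifiers that may be OR'ed onto the core type.
QUALIFIERS = {0x10000000: "CHAIN_START", 0x20000000: "CHAIN_END",
              0x40000000: "CLIENT_REDIRECT", 0x80000000: "SERVER_REDIRECT"}


def webkit_to_datetime(us):
    """0/NULL means 'never' in Chrome's tables; do not report it as the year 1601."""
    if not us:
        return None
    return WEBKIT_EPOCH + timedelta(microseconds=int(us))


def datetime_to_webkit(dt):
    """Inverse conversion, useful for building time-window queries against the DB."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)


def decode_transition(value):
    core = CORE_TRANSITIONS.get(value & 0xFF, f"UNKNOWN({value & 0xFF})")
    quals = [name for bit, name in QUALIFIERS.items() if value & bit]
    return core, quals


def build_sample_history():
    """Constructed History database with the columns this example needs."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                           visit_count INTEGER, last_visit_time INTEGER);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER,
                             from_visit INTEGER, transition INTEGER);
    """)
    t0 = 13267022400000000  # 2021-06-01T12:00:00Z in WebKit microseconds
    con.executemany("INSERT INTO urls VALUES (?,?,?,?,?)", [
        (1, "https://example.org/", "Example", 1, t0),
        (2, "https://example.org/login", "Login", 1, t0 + 60_000_000),
        (3, "https://example.org/never", "Never visited", 0, 0),
    ])
    con.executemany("INSERT INTO visits VALUES (?,?,?,?,?)", [
        (1, 1, t0, 0, 0x10000001),               # typed into the omnibox, chain start
        (2, 2, t0 + 60_000_000, 1, 0x20000000),  # followed a link from visit 1, chain end
    ])
    con.commit()
    return con


def visit_timeline(con):
    """Ordered visits with UTC time, decoded transition and the referring URL."""
    rows = con.execute("""
        SELECT v.id, u.url, v.visit_time, v.transition, r.url AS referrer
        FROM visits v
        JOIN urls u ON u.id = v.url
        LEFT JOIN visits pv ON pv.id = v.from_visit
        LEFT JOIN urls r ON r.id = pv.url
        ORDER BY v.visit_time""").fetchall()
    out = []
    for vid, url, ts, transition, referrer in rows:
        core, quals = decode_transition(transition)
        out.append({"id": vid, "url": url, "when": webkit_to_datetime(ts).isoformat(),
                    "transition": core, "qualifiers": quals, "referrer": referrer})
    return out


if __name__ == "__main__":
    for v in visit_timeline(build_sample_history()):
        print(v["when"], v["transition"], v["qualifiers"], v["url"], "<-", v["referrer"])
```

Against a real profile, point `sqlite3.connect` at a copy of the History file (never the live one, and note that recent Chrome versions also keep data in the History-journal/WAL files), and treat TYPED as a user action and LINK/CLIENT_REDIRECT chains as what the page did.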
teleparser: Telegram cache4.db parser
Stars: ✭ 52 (+92.59%)
ir scripts: incident response scripts
Stars: ✭ 17 (-37.04%)
Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (+937.04%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine whether they have been impacted by certain high-profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities, all for free.
Stars: ✭ 45 (+66.67%)
DFIRRegex: A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
Stars: ✭ 33 (+22.22%)
Oriana: Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (+462.96%)
DDTTX: DDTTX Tabletop Trainings
Stars: ✭ 22 (-18.52%)
Logontracer: Investigate malicious Windows logons by visualizing and analyzing Windows event logs
Stars: ✭ 1,914 (+6988.89%)
Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+10562.96%)
Detectionlabelk: DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Stars: ✭ 273 (+911.11%)
Userline: Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (+718.52%)
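Both Logontracer and Userline work from the same raw material: Security event 4624 records, each carrying the target computer, the account, the logon type and the source address, from which a source-to-host-per-user relation graph is built. The block below is an added example and not the code of either project. It parses 4624 events in the XML form exported from EVTX, builds that relation table, drops machine accounts, and flags one account fanning out over network logons (types 3, 8 and 10) to several hosts, the shape lateral movement usually takes. The host names, account names, addresses and timestamps are constructed sample data.

```python
"""Added example (not Userline's or LogonTracer's code): 4624 XML -> logon
relations -> fan-out report. All sample events below are constructed."""
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Logon type codes as documented for Security event 4624.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
               8: "NetworkCleartext", 9: "NewCredentials", 10: "RemoteInteractive",
               11: "CachedInteractive"}
REMOTE_TYPES = {3, 8, 10}                     # logon types that imply a remote source
LOCAL_SOURCES = {"-", "", "127.0.0.1", "::1"}  # IpAddress values that carry no source


def parse_4624(xml_text):
    """Return the fields a relation graph needs, or None for any other event ID."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    if system is None or system.findtext("e:EventID", "", NS).strip() != "4624":
        return None
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.find("e:EventData", NS).findall("e:Data", NS)}
    return {
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "target_host": system.findtext("e:Computer", "", NS),
        "user": f"{data.get('TargetDomainName', '')}\\{data.get('TargetUserName', '')}",
        "logon_type": int(data.get("LogonType") or 0),
        "source_ip": data.get("IpAddress", "-"),
        "source_host": data.get("WorkstationName", "-"),
    }


def build_relations(events):
    """Edge key (source IP, target host, user) -> count, logon types, first/last seen."""
    edges = {}
    for ev in events:
        if ev is None or ev["user"].endswith("$"):   # skip machine accounts
            continue
        key = (ev["source_ip"], ev["target_host"], ev["user"])
        e = edges.setdefault(key, {"count": 0, "logon_types": set(),
                                   "first": ev["time"], "last": ev["time"]})
        e["count"] += 1
        e["logon_types"].add(ev["logon_type"])
        e["first"], e["last"] = min(e["first"], ev["time"]), max(e["last"], ev["time"])
    return edges


def remote_logon_fanout(edges, min_hosts=2):
    """(user, source IP) pairs whose remote logons reach >= min_hosts distinct hosts."""
    reach = defaultdict(set)
    for (src, host, user), e in edges.items():
        if e["logon_types"] & REMOTE_TYPES and src not in LOCAL_SOURCES:
            reach[(user, src)].add(host)
    return {k: sorted(v) for k, v in reach.items() if len(v) >= min_hosts}


def describe(edges):
    lines = []
    for (src, host, user), e in sorted(edges.items()):
        types = ",".join(LOGON_TYPES.get(t, str(t)) for t in sorted(e["logon_types"]))
        lines.append(f"{src:>10} -> {host:<16} {user:<16} x{e['count']} "
                     f"[{types}] {e['first']}..{e['last']}")
    return lines


# Minimal EVTX-style XML; only the elements parse_4624 reads are included.
_TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>{eid}</EventID>
  <TimeCreated SystemTime="{t}"/><Computer>{host}</Computer></System>
 <EventData><Data Name="TargetUserName">{user}</Data><Data Name="TargetDomainName">CORP</Data>
  <Data Name="LogonType">{lt}</Data><Data Name="WorkstationName">{ws}</Data>
  <Data Name="IpAddress">{ip}</Data></EventData></Event>"""


def _event(eid, t, host, user, lt, ws, ip):
    return _TEMPLATE.format(eid=eid, t=t, host=host, user=user, lt=lt, ws=ws, ip=ip)


# Constructed sample: a service account fans out over SMB-style network logons to two
# servers, one local console logon, one machine-account logon, one logoff (4634).
SAMPLE_EVENTS = [
    _event(4624, "2023-03-01T08:15:02Z", "SRV1.corp.local", "svc-backup", 3, "WS07", "10.0.0.5"),
    _event(4624, "2023-03-01T08:15:09Z", "SRV2.corp.local", "svc-backup", 3, "WS07", "10.0.0.5"),
    _event(4624, "2023-03-01T08:16:00Z", "SRV1.corp.local", "svc-backup", 3, "WS07", "10.0.0.5"),
    _event(4624, "2023-03-01T08:20:41Z", "WS01.corp.local", "alice", 2, "WS01", "-"),
    _event(4624, "2023-03-01T08:21:00Z", "SRV1.corp.local", "SRV1$", 3, "SRV1", "10.0.0.11"),
    _event(4634, "2023-03-01T08:22:00Z", "SRV1.corp.local", "svc-backup", 3, "WS07", "10.0.0.5"),
]

if __name__ == "__main__":
    rel = build_relations(parse_4624(x) for x in SAMPLE_EVENTS)
    print("\n".join(describe(rel)))
    print("fan-out:", remote_logon_fanout(rel))
```

The same relation table answers the two questions these tools are built around: "which hosts did this account reach, from where?" and "which accounts reached this host?". Keep the machine-account filter in mind when hunting: computer accounts are noisy in 4624 data but are exactly what a compromised computer account looks like, so relax the filter once the human-account picture is clear.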
LevelDBDumper: Dumps all of the key/value pairs from a LevelDB database
Stars: ✭ 23 (-14.81%)
Slides: Misc threat hunting resources
Stars: ✭ 203 (+651.85%)
Turbinia: Automation and scaling of digital forensics tools
Stars: ✭ 461 (+1607.41%)
Pockint: A portable OSINT Swiss Army knife for DFIR/OSINT professionals 🕵️
Stars: ✭ 196 (+625.93%)
Get-NetworkConnection: Edited version of Lee Christensen's Get-NetworkConnection that includes a timestamp for each network connection
Stars: ✭ 34 (+25.93%)
Timesketch: Collaborative forensic timeline analysis
Stars: ✭ 1,795 (+6548.15%)
Attackdatamap: A data source assessment at the event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+877.78%)
Misp Warninglists: Warning lists to inform users of MISP about potential false positives or other information in indicators
Stars: ✭ 184 (+581.48%)
smram parse: System Management RAM analysis tool
Stars: ✭ 50 (+85.19%)
Yobi: YARA-based detection engine for web browsers
Stars: ✭ 39 (+44.44%)
Red-Rabbit-V4: The Red Rabbit project is just what a hacker needs for everyday automation. Unlike most frameworks out there, Red Rabbit does not automate other people's tools such as the aircrack suite or the wifite framework; it has its own code and is raw source with over 270 options. This framework might just be your everyday key to your workflow.
Stars: ✭ 123 (+355.56%)
Cacador: Indicator extractor
Stars: ✭ 115 (+325.93%)
Loki: Loki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+8111.11%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅 (ウェラ)
Stars: ✭ 442 (+1537.04%)
Threatpinchlookup: Documentation and sharing repository for the ThreatPinch Lookup Chrome and Firefox extension
Stars: ✭ 257 (+851.85%)
Mthc: All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (+396.3%)
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-18.52%)
Cirtkit: Tools for the Computer Incident Response Team 💻
Stars: ✭ 117 (+333.33%)
hotoloti: Documentation, scripts and tools related to Zena Forensics (http://blog.digital-forensics.it)
Stars: ✭ 66 (+144.44%)
Evilize: Parses Windows event log files based on the SANS poster
Stars: ✭ 24 (-11.11%)
Whatfiles: Log what files are accessed by any Linux process
Stars: ✭ 800 (+2862.96%)
Zeek: Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Stars: ✭ 4,180 (+15381.48%)