RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (-43.41%)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices.
Stars: ✭ 101 (-67.52%)
Malice: VirusTotal Wanna Be - Now with 100% more Hipster
Stars: ✭ 1,253 (+302.89%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (-27.97%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes.
Stars: ✭ 32 (-89.71%)
Cyberchef Recipes: A list of CyberChef recipes and curated links.
Stars: ✭ 619 (+99.04%)
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris system artifacts.
Stars: ✭ 260 (-16.4%)
ThePhish: ThePhish, an automated phishing email analysis tool.
Stars: ✭ 676 (+117.36%)
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data).
Stars: ✭ 22 (-92.93%)
ir scripts: incident response scripts
Stars: ✭ 17 (-94.53%)
Intelmq: IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Stars: ✭ 611 (+96.46%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-86.5%)
PSTrace: Trace ScriptBlock execution for PowerShell v2.
Stars: ✭ 38 (-87.78%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on OSS tools/libraries.
Stars: ✭ 122 (-60.77%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-85.53%)
Memlabs: Educational, CTF-styled labs for individuals interested in Memory Forensics.
Stars: ✭ 696 (+123.79%)
Pypowershellxray: Python script to decode common encoded PowerShell scripts.
Stars: ✭ 192 (-38.26%)
Packrat: Live system forensic collector.
Stars: ✭ 16 (-94.86%)
Malware-Zoo: Hashes of infamous malware.
Stars: ✭ 18 (-94.21%)
urlRecon: 📝 urlRecon - Info Gathering or Recon tool for URLs -> Retrieves * Whois information of the domain * DNS details of the domain * Server fingerprint * IP geolocation of the server
Stars: ✭ 31 (-90.03%)
GetConsoleHistoryAndOutput: An Incident Response tool to extract console command history and screen output buffer.
Stars: ✭ 41 (-86.82%)
hayabusa: Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+191.96%)
Malsub: A Python RESTful API framework for online malware analysis and threat intelligence services.
Stars: ✭ 308 (-0.96%)
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (-9.65%)
Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (-9.97%)
Batch-Antivirus: Batch Antivirus, a powerful antivirus suite written in batch with real-time protection and heuristic scanning.
Stars: ✭ 26 (-91.64%)
pyarascanner: A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-92.6%)
Docker-Templates: Docker configurations for TheHive, Cortex and 3rd party tools.
Stars: ✭ 71 (-77.17%)
dnslog: Minimalistic DNS logging tool.
Stars: ✭ 40 (-87.14%)
Blue-Team-Notes: You didn't think I'd go and leave the blue team out, right?
Stars: ✭ 899 (+189.07%)
Defeat-Defender-V1.2: Powerful batch script to dismantle complete Windows Defender protection and even bypass tamper protection. Disable Windows Defender permanently. Hack Windows. POC
Stars: ✭ 885 (+184.57%)
memscrimper: Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps".
Stars: ✭ 25 (-91.96%)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection.
Stars: ✭ 158 (-49.2%)
DFIR Resources REvil Kaseya: Resources for DFIR professionals responding to the REvil ransomware Kaseya supply chain attack.
Stars: ✭ 172 (-44.69%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+42.12%)
Reverse-Engineering: A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
Stars: ✭ 7,234 (+2226.05%)
smram parse: System Management RAM analysis tool.
Stars: ✭ 50 (-83.92%)
GDPatrol: A Lambda-powered Security Orchestration framework for AWS GuardDuty.
Stars: ✭ 50 (-83.92%)
robot hacking manual: Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.
Stars: ✭ 169 (-45.66%)
catalyst: Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes.
Stars: ✭ 91 (-70.74%)
MemProcFS-Analyzer: MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR.
Stars: ✭ 89 (-71.38%)
LevelDBDumper: Dumps all of the key/value pairs from a LevelDB database.
Stars: ✭ 23 (-92.6%)
aurora: Malware similarity platform with modularity in mind.
Stars: ✭ 70 (-77.49%)
fastfinder: Incident Response - Fast suspicious file finder.
Stars: ✭ 116 (-62.7%)
lsrootkit: Rootkit Detector for UNIX.
Stars: ✭ 53 (-82.96%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (-78.78%)
Kuiper: Digital Forensics Investigation Platform.
Stars: ✭ 257 (-17.36%)
YAFRA: YAFRA is a semi-automated framework for analyzing and representing reports about IT security incidents.
Stars: ✭ 22 (-92.93%)