pyarascanner: A simple many-rules-to-many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-20.69%)
Vast: 🔮 Visibility Across Space and Time
Stars: ✭ 227 (+682.76%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector, a live collection tool based on OSS tools/libraries
Stars: ✭ 122 (+320.69%)
BlueCloud: Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS Terraform support.
Stars: ✭ 88 (+203.45%)
Pypowershellxray: Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+562.07%)
Docker-Templates: Docker configurations for TheHive, Cortex and 3rd-party tools
Stars: ✭ 71 (+144.83%)
Adtimeline: Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (+768.97%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+1424.14%)
Malwless: Test Blue Team detections without running any attack.
Stars: ✭ 215 (+641.38%)
dnslog: Minimalistic DNS logging tool
Stars: ✭ 40 (+37.93%)
GetConsoleHistoryAndOutput: An Incident Response tool to extract console command history and the screen output buffer
Stars: ✭ 41 (+41.38%)
Imago Forensics: Imago is a Python tool that extracts digital evidence from images.
Stars: ✭ 175 (+503.45%)
PSTrace: Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (+31.03%)
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (+6.9%)
smram parse: System Management RAM analysis tool
Stars: ✭ 50 (+72.41%)
EventTranscript.db-Research: A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Stars: ✭ 33 (+13.79%)
catalyst: Catalyst is an open source SOAR system that helps automate alert handling and incident response processes
Stars: ✭ 91 (+213.79%)
Atc React: A knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (+679.31%)
Splunk-ETW: A Splunk Technology Add-on to forward filtered ETW events.
Stars: ✭ 26 (-10.34%)
Dfir Orc: Forensic artefact collection tool for systems running Microsoft Windows
Stars: ✭ 202 (+596.55%)
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-24.14%)
Whids: Open Source EDR for Windows
Stars: ✭ 188 (+548.28%)
Queries: SQLite queries
Stars: ✭ 57 (+96.55%)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (+248.28%)
Zombieant: Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
Stars: ✭ 169 (+482.76%)
Evilize: Parses Windows event log files based on the SANS poster
Stars: ✭ 24 (-17.24%)
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+506.9%)
yara-validator: Validates YARA rules and tries to repair the broken ones.
Stars: ✭ 37 (+27.59%)
zeek-docs: Documentation for Zeek
Stars: ✭ 41 (+41.38%)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (+444.83%)
TheHiveHooks: This is a Python tool aiming to make using TheHive webhooks easier.
Stars: ✭ 22 (-24.14%)
calamity: A script to assist in processing forensic RAM captures for malware triage
Stars: ✭ 24 (-17.24%)
Packrat: Live system forensic collector
Stars: ✭ 16 (-44.83%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (+44.83%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high-profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (+55.17%)
pftriage: Python tool and library to help analyze files during malware triage and analysis.
Stars: ✭ 77 (+165.52%)
Detectionlab: Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+11062.07%)
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris system artifacts.
Stars: ✭ 260 (+796.55%)
Dfirtrack: DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+700%)
artifactcollector: 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (+382.76%)
Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+9827.59%)
AUCR: Analyst Unknown Cyber Range, a micro web service framework
Stars: ✭ 24 (-17.24%)
Userline: Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (+662.07%)
DDTTX: DDTTX Tabletop Trainings
Stars: ✭ 22 (-24.14%)
Slides: Misc Threat Hunting Resources
Stars: ✭ 203 (+600%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+672.41%)
Pockint: A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️
Stars: ✭ 196 (+575.86%)
LevelDBDumper: Dumps all of the key/value pairs from a LevelDB database
Stars: ✭ 23 (-20.69%)
Linuxforensics: Everything related to Linux Forensics
Stars: ✭ 189 (+551.72%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (+10.34%)
Misp Warninglists: Warning lists to inform users of MISP about potential false positives or other information in indicators
Stars: ✭ 184 (+534.48%)
MemProcFS-Analyzer: MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (+206.9%)
Blue-Team-Notes: You didn't think I'd go and leave the blue team out, right?
Stars: ✭ 899 (+3000%)
ir scripts: incident response scripts
Stars: ✭ 17 (-41.38%)
DFIRRegex: A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
Stars: ✭ 33 (+13.79%)
Get-NetworkConnection: Edited version of Lee Christensen's Get-NetworkConnection which includes a timestamp for each network connection
Stars: ✭ 34 (+17.24%)
hayabusa: Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+3031.03%)