Ioc Explorer: Explore Indicators of Compromise Automatically
Stars: ✭ 73 (+329.41%)
Vast: 🔮 Visibility Across Space and Time
Stars: ✭ 227 (+1235.29%)
Patrowldocs: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (+517.65%)
Docker-Templates: Docker configurations for TheHive, Cortex and 3rd party tools
Stars: ✭ 71 (+317.65%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (+147.06%)
Attackdatamap: A data source assessment at the event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+1452.94%)
Sysmontools: Utilities for Sysmon
Stars: ✭ 903 (+5211.76%)
Intelowl: Intel Owl analyzes files, domains and IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+12335.29%)
Information Security Tasks: This repository is created for infosec professionals who work day to day and want to keep their skill set up to date. Contribute one hour daily to the day-to-day tasks and problem statements, and please contribute by providing problem statements and solutions.
Stars: ✭ 108 (+535.29%)
Thehive4py: Python API Client for TheHive
Stars: ✭ 143 (+741.18%)
Sentinel Attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+3876.47%)
dnslog: Minimalistic DNS logging tool
Stars: ✭ 40 (+135.29%)
Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+4241.18%)
Malwless: Test Blue Team detections without running any attack.
Stars: ✭ 215 (+1164.71%)
Slides: Misc Threat Hunting Resources
Stars: ✭ 203 (+1094.12%)
Swap digger: swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (+1982.35%)
Mac apt: macOS Artifact Parsing Tool
Stars: ✭ 329 (+1835.29%)
Diffy: Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+3164.71%)
Imago Forensics: Imago is a Python tool that extracts digital evidence from images.
Stars: ✭ 175 (+929.41%)
Timesketch: Collaborative forensic timeline analysis
Stars: ✭ 1,795 (+10458.82%)
Etl Parser: Event Trace Log file parser in pure Python
Stars: ✭ 66 (+288.24%)
Userline: Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (+1200%)
Autotimeliner: Automagically extract a forensic timeline from a volatile memory dump
Stars: ✭ 54 (+217.65%)
Weffles: Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Stars: ✭ 176 (+935.29%)
Pockint: A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️
Stars: ✭ 196 (+1052.94%)
catalyst: Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (+435.29%)
Historicprocesstree: An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
Stars: ✭ 46 (+170.59%)
Watcher: Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Stars: ✭ 324 (+1805.88%)
Dfirtrack: DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+1264.71%)
Dfir Orc: Forensics artefact collection tool for systems running Microsoft Windows
Stars: ✭ 202 (+1088.24%)
LevelDBDumper: Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (+35.29%)
smram parse: System Management RAM analysis tool
Stars: ✭ 50 (+194.12%)
Cyberchef Recipes: A list of CyberChef recipes and curated links
Stars: ✭ 619 (+3541.18%)
Cortex4py: Python API Client for Cortex
Stars: ✭ 22 (+29.41%)
Apt Hunter: APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity
Stars: ✭ 297 (+1647.06%)
Scripting: PS / Bash / Python / Other scripts For FUN!
Stars: ✭ 47 (+176.47%)
evtx-hunter: evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Stars: ✭ 122 (+617.65%)
Sleuthkit: The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Stars: ✭ 1,948 (+11358.82%)
pyarascanner: A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (+35.29%)
Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (+288.24%)
sqhunter: A simple threat hunting tool based on osquery, Salt Open and the Cymon API
Stars: ✭ 64 (+276.47%)
pftriage: Python tool and library to help analyze files during malware triage and analysis.
Stars: ✭ 77 (+352.94%)
YaraHunts: Random hunting-oriented YARA rules
Stars: ✭ 86 (+405.88%)
pyeti: Python bindings for Yeti's API
Stars: ✭ 15 (-11.76%)
ETWNetMonv3: ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW. ETWProcessMon/2 monitors Process/Thread/Memory/ImageLoad/TCPIP events via ETW and adds detection of remote thread injection and in-memory payload detection based on VirtualMemAlloc events, etc.
Stars: ✭ 32 (+88.24%)
AUCR: Analyst Unknown Cyber Range - a micro web service framework
Stars: ✭ 24 (+41.18%)
wazuh-packages: Wazuh - Tools for package creation
Stars: ✭ 54 (+217.65%)
detection-rules: Threat Detection & Anomaly Detection rules for popular open-source components
Stars: ✭ 34 (+100%)
DDTTX: DDTTX Tabletop Trainings
Stars: ✭ 22 (+29.41%)
Splunk-ETW: A Splunk Technology Add-on to forward filtered ETW events.
Stars: ✭ 26 (+52.94%)
dumproid: Android process memory dump tool that does not require the NDK.
Stars: ✭ 55 (+223.53%)
BLUELAY: Searches online paste sites for certain search terms which can indicate a possible data breach.
Stars: ✭ 24 (+41.18%)