235 Open source projects that are alternatives of or similar to Mac_apt

Truehunter

Automagically extract forensic timeline from volatile memory dump

Web browser forensics for Google Chrome/Chromium

A tool for forensic file system reconstruction.

Minimalistic DNS logging tool

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

PowerShell module for Office 365 and Azure log collection

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

Dumps all of the Key/Value pairs from a LevelDB database

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Automation and Scaling of Digital Forensics Tools

Everything related to Linux Forensics

Collaborative forensic timeline analysis

System Management RAM analysis tool

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

Educational, CTF-styled labs for individuals interested in Memory Forensics

Query and report user logons relations from MS Windows Security Events

Timeline of Active Directory changes with replication metadata

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

Live system forensic collector

Python 3 Script to parse out iTunes backups

Provides various Windows Server Active Directory (AD) security-focused reports.

incident response scripts

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

Carve file metadata from NTFS index ($I30) attributes

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

Invoke-LiveResponse

Python script to decode common encoded PowerShell scripts

An Incident Response tool to extract console command history and screen output buffer

Event Trace Log file parser in pure Python

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Trace ScriptBlock execution for powershell v2

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Salt States for Configuring the SIFT Workstation

Yara Based Detection Engine for web browsers

A boot record parser that identifies known good signatures for MBR, VBR and IPL.

macOS triage is a python script to collect various macOS logs, artifacts, and other data.

Wipe files and drives securely with randoms ASCII dicks

Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.

A sort of a toolkit to decrypt Dropbox Windows DBX files

Extract BITS jobs from QMGR queue and store them as CSV records

Docker image for hacking

Android Apps, Roms and Platforms for Pentesting

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.

Implementation of the famous Image Manipulation\Forgery Detector "ManTraNet" in Pytorch

Incident Response - Fast suspicious file finder

Yara rules written by me, for free use.

Incident Response Scripts

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

Recon Hunt Queries

Very basic CLI SIEM (Security Information and Event Management system).

A script to assist in processing forensic RAM captures for malware triage