CCXDiggerThe CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-79.91%)
ir scriptsincident response scripts
Stars: ✭ 17 (-92.41%)
MthcAll-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (-40.18%)
RdpCacheStitcherRdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (-21.43%)
Ioc ExplorerExplore Indicators of Compromise Automatically
Stars: ✭ 73 (-67.41%)
ThreatpinchlookupDocumentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+14.73%)
IntelowlIntel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+843.75%)
uacUAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+16.07%)
CDIRCDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (-45.54%)
ScriptingPS / Bash / Python / Other scripts For FUN!
Stars: ✭ 47 (-79.02%)
MEATThis toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-54.91%)
OrianaOriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Stars: ✭ 152 (-32.14%)
ThreathuntThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (-58.93%)
PatrowldocsPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-53.12%)
PatrowlenginesPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (-27.68%)
rhqRecon Hunt Queries
Stars: ✭ 66 (-70.54%)
PypowershellxrayPython script to decode common encoded PowerShell scripts
Stars: ✭ 192 (-14.29%)
SlidesMisc Threat Hunting Resources
Stars: ✭ 203 (-9.37%)
fastfinderIncident Response - Fast suspicious file finder
Stars: ✭ 116 (-48.21%)
ThreatingestorExtract and aggregate threat intelligence.
Stars: ✭ 439 (+95.98%)
Signature BaseSignature base for my scanner tools
Stars: ✭ 1,212 (+441.07%)
PSTraceTrace ScriptBlock execution for powershell v2
Stars: ✭ 38 (-83.04%)
ThePhishThePhish: an automated phishing email analysis tool
Stars: ✭ 676 (+201.79%)
Ir RescueA Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+38.84%)
PackratLive system forensic collector
Stars: ✭ 16 (-92.86%)
INDXRipperCarve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-85.71%)
hayabusaHayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+305.36%)
BeagleBeagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+335.71%)
PatrowlmanagerPatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+62.05%)
YAFRAYAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-90.18%)
WatcherWatcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Stars: ✭ 324 (+44.64%)
SSHapendoesCapture passwords of login attempts on non-existent and disabled accounts.
Stars: ✭ 31 (-86.16%)
CortexCortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+201.79%)
Cortex4pyPython API Client for Cortex
Stars: ✭ 22 (-90.18%)
HistoricprocesstreeAn Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
Stars: ✭ 46 (-79.46%)
Cyberchef RecipesA list of cyber-chef recipes and curated links
Stars: ✭ 619 (+176.34%)
Information Security TasksThis repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
Stars: ✭ 108 (-51.79%)
SleuthkitThe Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Stars: ✭ 1,948 (+769.64%)
Imago ForensicsImago is a python tool that extract digital evidences from images.
Stars: ✭ 175 (-21.87%)
ThehiveTheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+926.79%)
malware-persistenceCollection of malware persistence and hunting information. Be a persistent persistence hunter!
Stars: ✭ 109 (-51.34%)
PockintA portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
Stars: ✭ 196 (-12.5%)
Dfir OrcForensics artefact collection tool for systems running Microsoft Windows
Stars: ✭ 202 (-9.82%)
Atc ReactA knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (+0.89%)
Thehive4pyPython API Client for TheHive
Stars: ✭ 143 (-36.16%)
WefflesBuild a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Stars: ✭ 176 (-21.43%)
ScotSandia Cyber Omni Tracker (SCOT)
Stars: ✭ 206 (-8.04%)
dnslogMinimalistic DNS logging tool
Stars: ✭ 40 (-82.14%)
ManTraNet-pytorchImplementation of the famous Image Manipulation\Forgery Detector "ManTraNet" in Pytorch
Stars: ✭ 47 (-79.02%)
ETWNetMonv3ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
Stars: ✭ 32 (-85.71%)
Osquery ConfigurationA repository for using osquery for incident detection and response
Stars: ✭ 618 (+175.89%)
Sentinel AttackTools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+201.79%)
Pcap AttackPCAP Samples for Different Post Exploitation Techniques
Stars: ✭ 175 (-21.87%)