Threatpinchlookup: Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+1613.33%)
Malware Feed: Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (+360%)
Yeti: Your Everyday Threat Intelligence
Stars: ✭ 1,037 (+6813.33%)
Python Iocextract: Defanged Indicator of Compromise (IOC) Extractor.
Stars: ✭ 300 (+1900%)
Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (+2826.67%)
Malice: VirusTotal Wanna Be - Now with 100% more Hipster
Stars: ✭ 1,253 (+8253.33%)
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (+106.67%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (+113.33%)
Packrat: Live system forensic collector
Stars: ✭ 16 (+6.67%)
Adtimeline: Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (+1580%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (+713.33%)
Blue-Team-Notes: You didn't think I'd go and leave the blue team out, right?
Stars: ✭ 899 (+5893.33%)
Vast: 🔮 Visibility Across Space and Time
Stars: ✭ 227 (+1413.33%)
Malware-Zoo: Hashes of infamous malware
Stars: ✭ 18 (+20%)
dnslog: Minimalistic DNS logging tool
Stars: ✭ 40 (+166.67%)
VirusTotalScanner: Scan suspicious applications with over 60 different anti-viruses with a mere two clicks and five seconds!
Stars: ✭ 18 (+20%)
EventTranscript.db-Research: A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Stars: ✭ 33 (+120%)
cif-v5: The FASTEST way to consume threat intel.
Stars: ✭ 53 (+253.33%)
Docker-Templates: Docker configurations for TheHive, Cortex and 3rd party tools
Stars: ✭ 71 (+373.33%)
Atc React: A knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (+1406.67%)
Malwless: Test Blue Team detections without running any attack.
Stars: ✭ 215 (+1333.33%)
Dfir Orc: Forensics artefact collection tool for systems running Microsoft Windows
Stars: ✭ 202 (+1246.67%)
AUCR: Analyst Unknown Cyber Range - a micro web service framework
Stars: ✭ 24 (+60%)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (+573.33%)
Pypowershellxray: Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+1180%)
zeek-docs: Documentation for Zeek
Stars: ✭ 41 (+173.33%)
ioc-fanger: Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .
Stars: ✭ 47 (+213.33%)
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of system artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
Stars: ✭ 260 (+1633.33%)
TheHiveHooks: This is a Python tool aiming to make using TheHive webhooks easier.
Stars: ✭ 22 (+46.67%)
pyarascanner: A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (+53.33%)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (+953.33%)
mail to misp: Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Stars: ✭ 61 (+306.67%)
MurMurHash: This little tool calculates the MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Stars: ✭ 79 (+426.67%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (+200%)
sqhunter: A simple threat hunting tool based on osquery, Salt Open and Cymon API
Stars: ✭ 64 (+326.67%)
Detectionlab: Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+21480%)
Queries: SQLite queries
Stars: ✭ 57 (+280%)
Dfirtrack: DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+1446.67%)
Evilize: Parses Windows event log files based on the SANS Poster
Stars: ✭ 24 (+60%)
Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+19093.33%)
hayabusa: Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+5953.33%)
Userline: Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (+1373.33%)
awesome-intelligence-writing: Awesome collection of great and useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles
Stars: ✭ 285 (+1800%)
Slides: Misc Threat Hunting Resources
Stars: ✭ 203 (+1253.33%)
csirtg-smrt-v1: The fastest way to consume threat intelligence.
Stars: ✭ 27 (+80%)
Pockint: A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️
Stars: ✭ 196 (+1206.67%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (+180%)
Linuxforensics: Everything related to Linux Forensics
Stars: ✭ 189 (+1160%)
Whids: Open Source EDR for Windows
Stars: ✭ 188 (+1153.33%)
Misp Warninglists: Warning lists to inform users of MISP about potential false positives or other information in indicators
Stars: ✭ 184 (+1126.67%)
Splunk-ETW: A Splunk Technology Add-on to forward filtered ETW events.
Stars: ✭ 26 (+73.33%)
GetConsoleHistoryAndOutput: An Incident Response tool to extract console command history and screen output buffer
Stars: ✭ 41 (+173.33%)
Imago Forensics: Imago is a Python tool that extracts digital evidence from images.
Stars: ✭ 175 (+1066.67%)
Zombieant: Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
Stars: ✭ 169 (+1026.67%)