Weffles: Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Stars: ✭ 176 (+238.46%)
Watcher: Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Stars: ✭ 324 (+523.08%)
YAFRA: YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-57.69%)
Patrowlmanager: PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+598.08%)
Patrowldocs: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (+101.92%)
Beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+1776.92%)
evtx-hunter: evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Stars: ✭ 122 (+134.62%)
ir scripts: Incident response scripts
Stars: ✭ 17 (-67.31%)
Apt Hunter: APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs to decrease the time needed to uncover suspicious activity.
Stars: ✭ 297 (+471.15%)
Threatpinchlookup: Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+394.23%)
Oriana: Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152 (+192.31%)
Intelowl: Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+3965.38%)
Mthc: All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (+157.69%)
Ioc Explorer: Explore Indicators of Compromise Automatically
Stars: ✭ 73 (+40.38%)
Threathunt: ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (+76.92%)
fastfinder: Incident Response - Fast suspicious file finder
Stars: ✭ 116 (+123.08%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (+26.92%)
Fcl: FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Stars: ✭ 409 (+686.54%)
Patrowlengines: PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (+211.54%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+330.77%)
Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (+26.92%)
LeSslCertToAzure: PowerShell module that creates an SSL/TLS certificate with the Let's Encrypt service and applies it to an Azure Application Gateway.
Stars: ✭ 14 (-73.08%)
Sorlov.PowerShell: This is the public version of Sorlov.PowerShell Self-Hosted Executable Extensions for PowerShell
Stars: ✭ 22 (-57.69%)
Packrat: Live system forensic collector
Stars: ✭ 16 (-69.23%)
ELK-Hunting: Threat Hunting with ELK Workshop (InfoSecWorld 2017)
Stars: ✭ 58 (+11.54%)
ps-bash-completions: Bridge to enable bash completions to be run from within PowerShell.
Stars: ✭ 61 (+17.31%)
PowerSponse: PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
Stars: ✭ 35 (-32.69%)
PSPasswordExpiryNotifications: The following PowerShell module provides a different approach to scheduling password notifications for expiring Active Directory-based accounts. While most of the scripts require knowledge of HTML... this one is just one config file and a bit of tinkering with texts. Whether this is good or bad is up to you to decide. I do plan to add an optio…
Stars: ✭ 38 (-26.92%)
iris-web: Collaborative Incident Response platform
Stars: ✭ 560 (+976.92%)
PowerVCF: PowerVCF: A PowerShell Module for VMware Cloud Foundation
Stars: ✭ 25 (-51.92%)
SSHapendoes: Capture passwords of login attempts on non-existent and disabled accounts.
Stars: ✭ 31 (-40.38%)
pyarascanner: A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-55.77%)
csirtg-smrt-v1: The fastest way to consume threat intelligence.
Stars: ✭ 27 (-48.08%)
mail to misp: Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Stars: ✭ 61 (+17.31%)
PSBlackListChecker: The basic functionality of this module is the ability to quickly verify whether a given IP address is on any of over 80 defined DNSBL lists. The code below returns results only if the IP is on any of the lists. The advanced functionality of this module is the ability to send reports to your email when things get bad on one of those 80 defined DNSBL lists.
Stars: ✭ 50 (-3.85%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-13.46%)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (+94.23%)
PowerFGT: PowerShell module to manage Fortinet (FortiGate) Firewall
Stars: ✭ 80 (+53.85%)
PSRule.Rules.CAF: A suite of rules to validate Azure resources against the Cloud Adoption Framework (CAF) using PSRule.
Stars: ✭ 54 (+3.85%)
malware-persistence: Collection of malware persistence and hunting information. Be a persistent persistence hunter!
Stars: ✭ 109 (+109.62%)
thremulation-station: Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.
Stars: ✭ 28 (-46.15%)
OutSystems.SetupTools: PowerShell module to install and manage the OutSystems platform
Stars: ✭ 20 (-61.54%)
ThePhish: ThePhish: an automated phishing email analysis tool
Stars: ✭ 676 (+1200%)
assisted-log-enabler-for-aws: Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.
Stars: ✭ 167 (+221.15%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-38.46%)
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+238.46%)
Asn: ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation and geolocation lookup tool / Traceroute server
Stars: ✭ 242 (+365.38%)
Dfirtrack: DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+346.15%)
SysmonResources: Consolidation of various resources related to Microsoft Sysmon & sample data/log
Stars: ✭ 64 (+23.08%)
Vast: 🔮 Visibility Across Space and Time
Stars: ✭ 227 (+336.54%)
Atc React: A knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (+334.62%)
PowerRunAsAttached: This script allows you to spawn a new interactive console as another user account within the same calling console (console instance/window).
Stars: ✭ 78 (+50%)
DomainCAT: Domain Connectivity Analysis Tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Stars: ✭ 34 (-34.62%)
Wazuh Docker: Wazuh - Docker containers
Stars: ✭ 213 (+309.62%)
macOS-ir: Prototype to collect data and analyse it from a compromised macOS device.
Stars: ✭ 16 (-69.23%)
Scot: Sandia Cyber Omni Tracker (SCOT)
Stars: ✭ 206 (+296.15%)