MindMaps#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+376.6%)
CDIRCDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (+159.57%)
Docker-TemplatesDocker configurations for TheHive, Cortex and 3rd party tools
Stars: ✭ 71 (+51.06%)
Imago ForensicsImago is a python tool that extract digital evidences from images.
Stars: ✭ 175 (+272.34%)
Vast🔮 Visibility Across Space and Time
Stars: ✭ 227 (+382.98%)
MEATThis toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (+114.89%)
hayabusaHayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+1831.91%)
Ir RescueA Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+561.7%)
fastfinderIncident Response - Fast suspicious file finder
Stars: ✭ 116 (+146.81%)
BeagleBeagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+1976.6%)
Thehive4pyPython API Client for TheHive
Stars: ✭ 143 (+204.26%)
OrianaOriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Stars: ✭ 152 (+223.4%)
Atc ReactA knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (+380.85%)
PypowershellxrayPython script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+308.51%)
binary viewerA binary visualization tool to aid with reverse engineering and malware detection similar to Cantor.Dust
Stars: ✭ 55 (+17.02%)
RdpCacheStitcherRdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+274.47%)
INDXRipperCarve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-31.91%)
DetectionlabAutomate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+6787.23%)
HelvetaCSModern C++ CS:GO base
Stars: ✭ 41 (-12.77%)
wownedAuthentication bypass for outdated WoW emulation authentication servers
Stars: ✭ 32 (-31.91%)
KuiperDigital Forensics Investigation Platform
Stars: ✭ 257 (+446.81%)
minerchkBash script to Check for malicious Cryptomining
Stars: ✭ 36 (-23.4%)
Osquery ConfigurationA repository for using osquery for incident detection and response
Stars: ✭ 618 (+1214.89%)
HvmiHypervisor Memory Introspection Core Library
Stars: ✭ 438 (+831.91%)
CortexCortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+1338.3%)
MthcAll-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (+185.11%)
ThehiveTheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+4793.62%)
KiewtaiA port of Kaitai to the Hiew hex editor
Stars: ✭ 108 (+129.79%)
Dfir OrcForensics artefact collection tool for systems running Microsoft Windows
Stars: ✭ 202 (+329.79%)
PockintA portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
Stars: ✭ 196 (+317.02%)
DfirtrackDFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+393.62%)
ThreathuntThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (+95.74%)
pyarascannerA simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-51.06%)
PackratLive system forensic collector
Stars: ✭ 16 (-65.96%)
ThePhishThePhish: an automated phishing email analysis tool
Stars: ✭ 676 (+1338.3%)
CCXDiggerThe CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-4.26%)
DLL-INJECTORI created a dll injector I am going to Open source its Code. But remember one thing that is any one can use it only for Educational purpose .I again say do not use it to damage anyone's Computer.But one thing if you are using it for some good purpose like to help someone who really need help then I permit you to use it.
Stars: ✭ 14 (-70.21%)
Cortex4pyPython API Client for Cortex
Stars: ✭ 22 (-53.19%)
uacUAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+453.19%)
Lw YaraYara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies
Stars: ✭ 78 (+65.96%)
catalystCatalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (+93.62%)
MemProcFS-AnalyzerMemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (+89.36%)
ir scriptsincident response scripts
Stars: ✭ 17 (-63.83%)
mhA memory editor for iOS/macOS with JavaScript support
Stars: ✭ 35 (-25.53%)
ThreatpinchlookupDocumentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+446.81%)
rhqRecon Hunt Queries
Stars: ✭ 66 (+40.43%)
ThehivedocsDocumentation of TheHive
Stars: ✭ 353 (+651.06%)
EvilizeParses Windows event logs files based on SANS Poster
Stars: ✭ 24 (-48.94%)
FclFCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Stars: ✭ 409 (+770.21%)
Cyberchef RecipesA list of cyber-chef recipes and curated links
Stars: ✭ 619 (+1217.02%)
LadongoLadon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Stars: ✭ 366 (+678.72%)
DrsemuDrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior
Stars: ✭ 237 (+404.26%)
PSTraceTrace ScriptBlock execution for powershell v2
Stars: ✭ 38 (-19.15%)
MemoryjsRead and write process memory in Node.js (Windows API functions exposed via Node bindings)
Stars: ✭ 371 (+689.36%)
HistoricprocesstreeAn Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
Stars: ✭ 46 (-2.13%)
TegrarcmguiC++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)
Stars: ✭ 965 (+1953.19%)