Thehive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300
Docker-Templates - Docker configurations for TheHive, Cortex and 3rd party tools
Stars: ✭ 71
Sysmon Modular - A repository of sysmon configuration modules
Stars: ✭ 1,229
Yeti - Your Everyday Threat Intelligence
Stars: ✭ 1,037
Historicprocesstree - An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
Stars: ✭ 46
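The technique behind the Historicprocesstree entry above, as an added example that is not the project's own code: a 4688 record names the child (NewProcessId, NewProcessName) and its creator (ProcessId, ParentProcessName), so a tree falls out of linking each record to the most recent process seen with the creator's PID. Resolving against the most recent process is what makes PID reuse come out right. The records are constructed for illustration; only the field names are real.

```python
"""Rebuild a process tree from Windows Security Event ID 4688 records.

Added example, not HistoricProcessTree's code. Field names follow the 4688
EventData schema; PIDs are hex strings as in the real log. ParentProcessName
only exists on Windows 10 / Server 2016 and later, so it is optional here.
"""
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed sample records (hypothetical), not captured from a real host.
SAMPLE_4688 = [
    {"TimeCreated": "2024-03-01T09:00:00", "SubjectUserName": "alice",
     "NewProcessId": "0x1a4", "NewProcessName": r"C:\Windows\explorer.exe",
     "ProcessId": "0x120", "ParentProcessName": r"C:\Windows\System32\userinit.exe"},
    {"TimeCreated": "2024-03-01T09:05:00", "SubjectUserName": "alice",
     "NewProcessId": "0x9c0", "NewProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ProcessId": "0x1a4", "ParentProcessName": r"C:\Windows\explorer.exe"},
    {"TimeCreated": "2024-03-01T09:06:10", "SubjectUserName": "alice",
     "NewProcessId": "0xb10", "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "ProcessId": "0x9c0", "ParentProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"TimeCreated": "2024-03-01T09:06:12", "SubjectUserName": "alice",
     "NewProcessId": "0xc34", "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ProcessId": "0xb10", "ParentProcessName": r"C:\Windows\System32\cmd.exe"},
    # PID 0xb10 is reused by notepad.exe after cmd.exe has exited ...
    {"TimeCreated": "2024-03-01T10:30:00", "SubjectUserName": "alice",
     "NewProcessId": "0xb10", "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "ProcessId": "0x1a4", "ParentProcessName": r"C:\Windows\explorer.exe"},
    # ... so this later child of 0xb10 must attach to notepad.exe, not to the old cmd.exe.
    {"TimeCreated": "2024-03-01T10:31:00", "SubjectUserName": "alice",
     "NewProcessId": "0xd00", "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "ProcessId": "0xb10", "ParentProcessName": r"C:\Windows\System32\notepad.exe"},
]


@dataclass
class ProcNode:
    pid: str
    image: str
    user: str
    created: str
    unlogged_parent: Optional[str] = None   # creator image when its own 4688 is missing
    children: List["ProcNode"] = field(default_factory=list)

    @property
    def name(self) -> str:
        return PureWindowsPath(self.image).name


def build_process_tree(events: List[dict]) -> List[ProcNode]:
    """Return the root nodes. Parents resolve to the most recent process
    seen with the creator's PID, which handles PID reuse correctly."""
    latest: Dict[str, ProcNode] = {}
    roots: List[ProcNode] = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        node = ProcNode(pid=ev["NewProcessId"].lower(), image=ev["NewProcessName"],
                        user=ev["SubjectUserName"], created=ev["TimeCreated"])
        parent = latest.get(ev["ProcessId"].lower())
        if parent is None:
            # Creator started before the log window (or auditing was off):
            # keep the node as a root, but record what 4688 says created it.
            node.unlogged_parent = ev.get("ParentProcessName")
            roots.append(node)
        else:
            parent.children.append(node)
        latest[node.pid] = node
    return roots


def all_paths(roots: List[ProcNode]) -> List[List[str]]:
    """Every root-to-node lineage as a list of image basenames."""
    paths: List[List[str]] = []

    def walk(node: ProcNode, prefix: List[str]) -> None:
        path = prefix + [node.name]
        paths.append(path)
        for child in node.children:
            walk(child, path)

    for root in roots:
        walk(root, [])
    return paths


def render(roots: List[ProcNode], indent: int = 0) -> List[str]:
    """Indented text view, one line per process."""
    lines: List[str] = []
    for node in roots:
        note = f"  (created by {node.unlogged_parent}, no 4688 in log)" if node.unlogged_parent else ""
        lines.append("  " * indent + f"{node.name} [{node.pid}] {node.user} @ {node.created}{note}")
        lines.extend(render(node.children, indent + 1))
    return lines


if __name__ == "__main__":
    tree = build_process_tree(SAMPLE_4688)
    print("\n".join(render(tree)))
    # Office -> shell -> PowerShell is the classic macro chain worth flagging.
    for path in all_paths(tree):
        if "WINWORD.EXE" in path and "powershell.exe" in path:
            print("suspicious lineage:", " -> ".join(path))
```

Two caveats a practitioner should carry over to real data: 4688 is only written when process-creation auditing is enabled, so the root of a tree is usually a process whose own creation predates the log, and 4688 carries no process exit information, so the reuse logic relies on creation order alone (pair with 4689 if you need lifetimes).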
Awesome Forensics - A curated list of awesome forensic analysis tools and resources
Stars: ✭ 1,775
Whids - Open Source EDR for Windows
Stars: ✭ 188
Mimir - Smart OSINT collection of common IOC types
Stars: ✭ 63
Atc React - A knowledge base of actionable Incident Response techniques
Stars: ✭ 226
Artifacts - 📇 Digital Forensics Artifact Repository (forensicanalysis edition)
Stars: ✭ 21
Logontracer - Investigate malicious Windows logons by visualizing and analyzing Windows event logs
Stars: ✭ 1,914
Lolbas - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 1,506
Pypowershellxray - Python script to decode common encoded PowerShell scripts
Stars: ✭ 192
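What "decoding common encoded PowerShell" amounts to, as an added example that is not PyPowerShellXray's code: the -EncodedCommand argument is Base64 over UTF-16LE text, and the decoded script frequently carries a further [Convert]::FromBase64String('...') payload wrapped in raw DEFLATE or GZip, so a decoder loops until nothing further unwraps. The command line it decodes is built inside the block so the example runs offline; it is a constructed sample, not real malware.

```python
"""Peel the layers of an encoded PowerShell command line.

Added example, not PyPowerShellXray's code. Handles -EncodedCommand (Base64 of
UTF-16LE) and nested FromBase64String('...') payloads, optionally wrapped in
raw DEFLATE or GZip. The sample command line is constructed below.
"""
import base64
import binascii
import gzip
import re
import zlib
from typing import List

# Matches -e, -ec, -en, -enc ... -EncodedCommand, but not -ExecutionPolicy (-ex...).
ENC_FLAG = re.compile(r"-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.I)
B64_CALL = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.I)


def bytes_to_text(data: bytes) -> str:
    """Turn a decoded payload into text, unwrapping GZip / raw DEFLATE first."""
    if data[:2] == b"\x1f\x8b":
        return bytes_to_text(gzip.decompress(data))
    # UTF-16LE text of ASCII characters has a zero byte in every odd position.
    if len(data) >= 4 and data[1::2].count(0) > len(data) // 4:
        return data.decode("utf-16-le", errors="replace")
    if all(32 <= b < 127 or b in (9, 10, 13) for b in data):
        return data.decode("ascii")
    try:
        return bytes_to_text(zlib.decompress(data, -15))   # raw DEFLATE, no zlib header
    except zlib.error:
        return data.decode("latin-1")


def peel_layers(command_line: str, max_depth: int = 10) -> List[str]:
    """Return each decoded layer, outermost first. Stops when nothing further
    decodes, or at max_depth so a self-referencing loader cannot spin forever."""
    layers: List[str] = []
    text = command_line
    for _ in range(max_depth):
        try:
            m = ENC_FLAG.search(text)
            if m:
                text = base64.b64decode(m.group(1)).decode("utf-16-le")
            else:
                m = B64_CALL.search(text)
                if not m:
                    break
                text = bytes_to_text(base64.b64decode(m.group(1)))
        except (binascii.Error, UnicodeDecodeError):
            break
        layers.append(text)
    return layers


def build_sample_command_line() -> str:
    """Constructed sample (hypothetical): -Enc -> FromBase64String + DeflateStream -> script."""
    final_script = "Write-Host 'innermost layer'"
    deflater = zlib.compressobj(wbits=-15)           # raw DEFLATE, as DeflateStream produces
    compressed = deflater.compress(final_script.encode("ascii")) + deflater.flush()
    stage2 = ("IEX (New-Object IO.StreamReader((New-Object IO.Compression.DeflateStream("
              "[IO.MemoryStream][Convert]::FromBase64String('%s'),"
              "[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::ASCII)).ReadToEnd()"
              % base64.b64encode(compressed).decode("ascii"))
    stage1 = base64.b64encode(stage2.encode("utf-16-le")).decode("ascii")
    return f"powershell.exe -NoP -W Hidden -Enc {stage1}"


if __name__ == "__main__":
    for depth, layer in enumerate(peel_layers(build_sample_command_line()), 1):
        print(f"--- layer {depth} ---\n{layer}")
```

The decoder is deliberately static: it never evaluates the script, so obfuscation that builds the next stage at runtime (string concatenation, -join, character arithmetic) will stop the loop early and leave that layer for manual or sandboxed analysis.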
Malice - VirusTotal Wanna Be - Now with 100% more Hipster
Stars: ✭ 1,253
Vast - 🔮 Visibility Across Space and Time
Stars: ✭ 227
Lw Yara - Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies
Stars: ✭ 78
Imago Forensics - Imago is a Python tool that extracts digital evidence from images.
Stars: ✭ 175
Scripting - PS / Bash / Python / Other scripts For FUN!
Stars: ✭ 47
Adtimeline - Timeline of Active Directory changes with replication metadata
Stars: ✭ 252
Beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976
Oriana - Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Stars: ✭ 152
Threathunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738
Malwless - Test Blue Team detections without running any attack.
Stars: ✭ 215
Cyberchef Recipes - A list of CyberChef recipes and curated links
Stars: ✭ 619
Timesketch - Collaborative forensic timeline analysis
Stars: ✭ 1,795
Diffy - Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555
Pockint - A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️
Stars: ✭ 196
Kiewtai - A port of Kaitai to the Hiew hex editor
Stars: ✭ 108
Dfirtrack - DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232
Threathunt - ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92
Linuxforensics - Everything related to Linux Forensics
Stars: ✭ 189
CCXDigger - The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45
Signature Base - Signature base for my scanner tools
Stars: ✭ 1,212
Misp Warninglists - Warning lists to inform users of MISP about potential false-positives or other information in indicators
Stars: ✭ 184
Etl Parser - Event Trace Log file parser in pure Python
Stars: ✭ 66
Threathunter Playbook - A Threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879
Autotimeliner - Automagically extract a forensic timeline from a volatile memory dump
Stars: ✭ 54
Zombieant - Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
Stars: ✭ 169
Packrat - Live system forensic collector
Stars: ✭ 16
Malcom - Malcom - Malware Communications Analyzer
Stars: ✭ 988
Loki - Loki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217
Forensic Tools - CIRCL system forensic tools, or a jumble of tools to support forensics
Stars: ✭ 27
Userline - Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221
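The core of what Userline (and Logontracer, listed earlier) do with Security events, as an added example that is not either project's code: pair 4624 logons with 4634/4647 logoffs on TargetLogonId per host, discard machine and built-in service accounts, and reduce the remaining network (type 3) and RDP (type 10) logons to source -> account@host relations. The events are constructed for illustration; only the EventData field names are real.

```python
"""Reconstruct logon sessions and logon relations from Windows Security events.

Added example, not Userline's or LogonTracer's code. Pairs 4624 with 4634/4647
on (Computer, TargetLogonId), drops noise accounts, and reports remote logon
relations. The events below are constructed, not real log data.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample events (hypothetical). Field names follow Security log EventData.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2024-03-01T08:00:00", "Computer": "WS01", "TargetUserName": "alice",
     "TargetDomainName": "CORP", "TargetLogonId": "0x3e7a1", "LogonType": "2", "IpAddress": "-", "WorkstationName": "WS01"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T08:15:00", "Computer": "WS01", "TargetUserName": "SYSTEM",
     "TargetDomainName": "NT AUTHORITY", "TargetLogonId": "0x3e7", "LogonType": "5", "IpAddress": "-", "WorkstationName": "-"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T09:02:00", "Computer": "WS02", "TargetUserName": "alice",
     "TargetDomainName": "CORP", "TargetLogonId": "0x5a1", "LogonType": "3", "IpAddress": "10.0.0.5", "WorkstationName": "WS01"},
    {"EventID": 4634, "TimeCreated": "2024-03-01T09:02:03", "Computer": "WS02", "TargetUserName": "alice",
     "TargetDomainName": "CORP", "TargetLogonId": "0x5a1", "LogonType": "3"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T09:10:00", "Computer": "SRV01", "TargetUserName": "alice",
     "TargetDomainName": "CORP", "TargetLogonId": "0x77b", "LogonType": "10", "IpAddress": "10.0.0.5", "WorkstationName": "WS01"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T09:20:00", "Computer": "FS01", "TargetUserName": "alice",
     "TargetDomainName": "CORP", "TargetLogonId": "0x80c", "LogonType": "3", "IpAddress": "10.0.0.5", "WorkstationName": "WS01"},
    {"EventID": 4647, "TimeCreated": "2024-03-01T09:45:00", "Computer": "SRV01", "TargetUserName": "alice",
     "TargetDomainName": "CORP", "TargetLogonId": "0x77b"},
    {"EventID": 4624, "TimeCreated": "2024-03-01T09:50:00", "Computer": "WS03", "TargetUserName": "bob",
     "TargetDomainName": "CORP", "TargetLogonId": "0x91d", "LogonType": "3", "IpAddress": "10.0.0.9", "WorkstationName": "WS09"},
]

NOISE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE", "ANONYMOUS LOGON"}
REMOTE_LOGON_TYPES = {3, 10}   # Network and RemoteInteractive (RDP)


@dataclass
class Session:
    computer: str
    logon_id: str
    user: str
    domain: str
    logon_type: int
    source_ip: str
    workstation: str
    logon_time: datetime
    logoff_time: Optional[datetime] = None   # None = no matching 4634/4647 seen


def is_noise(user: str) -> bool:
    """Computer accounts (trailing $) and built-in identities dominate 4624 volume."""
    return user.upper() in NOISE_ACCOUNTS or user.endswith("$")


def build_sessions(events: List[dict]) -> Dict[Tuple[str, str], Session]:
    """Key by (Computer, TargetLogonId): a LogonId is only unique per host per boot."""
    sessions: Dict[Tuple[str, str], Session] = {}
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        key = (ev["Computer"], ev["TargetLogonId"].lower())
        when = datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] == 4624 and not is_noise(ev["TargetUserName"]):
            sessions[key] = Session(
                computer=ev["Computer"], logon_id=key[1], user=ev["TargetUserName"],
                domain=ev["TargetDomainName"], logon_type=int(ev["LogonType"]),
                source_ip=ev.get("IpAddress", "-"), workstation=ev.get("WorkstationName", "-"),
                logon_time=when)
        elif ev["EventID"] in (4634, 4647) and key in sessions:
            sessions[key].logoff_time = when
    return sessions


def remote_logon_edges(sessions: Dict[Tuple[str, str], Session]) -> Counter:
    """(source ip, user, target host, logon type) -> count, remote logons only."""
    edges: Counter = Counter()
    for s in sessions.values():
        if s.logon_type in REMOTE_LOGON_TYPES:
            edges[(s.source_ip, s.user, s.computer, s.logon_type)] += 1
    return edges


def accounts_spanning_hosts(sessions: Dict[Tuple[str, str], Session], min_hosts: int = 2) -> Dict[str, List[str]]:
    """Accounts with remote logons to at least min_hosts distinct hosts: a cheap lateral-movement hunt."""
    hosts = defaultdict(set)
    for s in sessions.values():
        if s.logon_type in REMOTE_LOGON_TYPES:
            hosts[s.user].add(s.computer)
    return {u: sorted(h) for u, h in hosts.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    sess = build_sessions(SAMPLE_EVENTS)
    for (src, user, host, ltype), n in sorted(remote_logon_edges(sess).items()):
        print(f"{src} -> {user}@{host} (type {ltype}) x{n}")
    for user, hosts in accounts_spanning_hosts(sess).items():
        print(f"{user} reached {len(hosts)} hosts remotely: {', '.join(hosts)}")
```

On real data expect short-lived type 3 sessions in large numbers (SMB and RPC churn), 4634 without a preceding 4624 when the logon predates the log window, and IpAddress of "-" or "::1" for local logons; the keying by host is essential because the same TargetLogonId value recurs across machines.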
Cortex4py - Python API Client for Cortex
Stars: ✭ 22
Thehive4py - Python API Client for TheHive
Stars: ✭ 143
Memlabs - Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696
Detectionlab - Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237
Cortex - Cortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676
Mthc - All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134
Hindsight - Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589
Slides - Misc Threat Hunting Resources
Stars: ✭ 203
Turbinia - Automation and Scaling of Digital Forensics Tools
Stars: ✭ 461
Cirtkit - Tools for the Computer Incident Response Team 💻
Stars: ✭ 117
pyarascanner - A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23
EventTranscript.db-Research - A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Stars: ✭ 33
Dfir Orc - Forensics artefact collection tool for systems running Microsoft Windows
Stars: ✭ 202