ir scriptsincident response scripts
Stars: ✭ 17 (-81.52%)
ThreatpinchlookupDocumentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+179.35%)
MthcAll-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (+45.65%)
fastfinderIncident Response - Fast suspicious file finder
Stars: ✭ 116 (+26.09%)
MindMaps#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+143.48%)
rhqRecon Hunt Queries
Stars: ✭ 66 (-28.26%)
BeagleBeagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+960.87%)
OrianaOriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Stars: ✭ 152 (+65.22%)
Cortex4pyPython API Client for Cortex
Stars: ✭ 22 (-76.09%)
INDXRipperCarve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-65.22%)
Sysmon ModularA repository of sysmon configuration modules
Stars: ✭ 1,229 (+1235.87%)
CCXDiggerThe CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-51.09%)
PackratLive system forensic collector
Stars: ✭ 16 (-82.61%)
Blue-Team-NotesYou didn't think I'd go and leave the blue team out, right?
Stars: ✭ 899 (+877.17%)
TA-Sysmon-deployDeploy and maintain Symon through the Splunk Deployment Sever
Stars: ✭ 31 (-66.3%)
uacUAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+182.61%)
CDIRCDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (+32.61%)
ScriptingPS / Bash / Python / Other scripts For FUN!
Stars: ✭ 47 (-48.91%)
HistoricprocesstreeAn Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
Stars: ✭ 46 (-50%)
ad-privileged-auditProvides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-54.35%)
PSTraceTrace ScriptBlock execution for powershell v2
Stars: ✭ 38 (-58.7%)
CortexCortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+634.78%)
catalystCatalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (-1.09%)
YAFRAYAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-76.09%)
Cyberchef RecipesA list of cyber-chef recipes and curated links
Stars: ✭ 619 (+572.83%)
evtx-hunterevtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Stars: ✭ 122 (+32.61%)
pyarascannerA simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-75%)
DfirtrackDFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+152.17%)
MEATThis toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (+9.78%)
RdpCacheStitcherRdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+91.3%)
Vast🔮 Visibility Across Space and Time
Stars: ✭ 227 (+146.74%)
ThreathuntingA Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+702.17%)
ETWNetMonv3ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
Stars: ✭ 32 (-65.22%)
Signature BaseSignature base for my scanner tools
Stars: ✭ 1,212 (+1217.39%)
PowerGRRPowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
Stars: ✭ 52 (-43.48%)
YetiYour Everyday Threat Intelligence
Stars: ✭ 1,037 (+1027.17%)
Docker-TemplatesDocker configurations for TheHive, Cortex and 3rd party tools
Stars: ✭ 71 (-22.83%)
Threathunter PlaybookA Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
Stars: ✭ 2,879 (+3029.35%)
KuiperDigital Forensics Investigation Platform
Stars: ✭ 257 (+179.35%)
BLUELAYSearches online paste sites for certain search terms which can indicate a possible data breach.
Stars: ✭ 24 (-73.91%)
Opensource-Endpoint-MonitoringThis repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
Stars: ✭ 30 (-67.39%)
AttackdatamapA datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
Stars: ✭ 264 (+186.96%)
DetectionlabelkDetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Stars: ✭ 273 (+196.74%)
GDPatrolA Lambda-powered Security Orchestration framework for AWS GuardDuty
Stars: ✭ 50 (-45.65%)
ThehivedocsDocumentation of TheHive
Stars: ✭ 353 (+283.7%)
LolbasLiving Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 3,810 (+4041.3%)
MemProcFS-AnalyzerMemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (-3.26%)
WatcherWatcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Stars: ✭ 324 (+252.17%)
PatrowlmanagerPatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+294.57%)
Ioc ExplorerExplore Indicators of Compromise Automatically
Stars: ✭ 73 (-20.65%)
FclFCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Stars: ✭ 409 (+344.57%)
Ir RescueA Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+238.04%)
ThreatingestorExtract and aggregate threat intelligence.
Stars: ✭ 439 (+377.17%)
MalwlessTest Blue Team detections without running any attack.
Stars: ✭ 215 (+133.7%)
Atc ReactA knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (+145.65%)
EvilizeParses Windows event logs files based on SANS Poster
Stars: ✭ 24 (-73.91%)
Apt HunterAPT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
Stars: ✭ 297 (+222.83%)