WindowsDFIR: Repository for different Windows DFIR related CMDs, PowerShell cmdlets, etc., plus workshops that I did for different conferences or events.
Stars: ✭ 51 (-93.09%)
Attack Scripts: Scripts and a (future) library to improve users' interactions with the ATT&CK content
Stars: ✭ 290 (-60.7%)
decwindbx: A sort of a toolkit to decrypt Dropbox Windows DBX files
Stars: ✭ 22 (-97.02%)
Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (-62.06%)
Cyberchef Recipes: A list of CyberChef recipes and curated links
Stars: ✭ 619 (-16.12%)
artifactcollector: 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (-81.03%)
Security Onion: Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+300.54%)
Shuffle: A general purpose security automation platform. We focus on accessibility for all.
Stars: ✭ 424 (-42.55%)
cycat-service: CyCAT.org API back-end server including crawlers
Stars: ✭ 25 (-96.61%)
Lolbas: Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 3,810 (+416.26%)
LevelDBDumper: Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-96.88%)
attack-evals: ATT&CK Evaluations website (DEPRECATED)
Stars: ✭ 57 (-92.28%)
detection-rules: Threat Detection & Anomaly Detection rules for popular open-source components
Stars: ✭ 34 (-95.39%)
Zeek: Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Stars: ✭ 4,180 (+466.4%)
Get-NetworkConnection: Edited version of Lee Christensen's Get-NetworkConnection which includes a timestamp for each network connection
Stars: ✭ 34 (-95.39%)
Dnstwist: Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Stars: ✭ 3,124 (+323.31%)
Hindsight: Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (-20.19%)
smram parse: System Management RAM analysis tool
Stars: ✭ 50 (-93.22%)
PSTrace: Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (-94.85%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (-40.11%)
Patrowlmanager: PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-50.81%)
Scrummage: The Ultimate OSINT and Threat Hunting Framework
Stars: ✭ 355 (-51.9%)
Yobi: Yara Based Detection Engine for web browsers
Stars: ✭ 39 (-94.72%)
Memlabs: Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (-5.69%)
Mac apt: macOS Artifact Parsing Tool
Stars: ✭ 329 (-55.42%)
file watchtower: Lightweight File Integrity Monitoring Tool
Stars: ✭ 27 (-96.34%)
Docker-Templates: Docker configurations for TheHive, Cortex and 3rd party tools
Stars: ✭ 71 (-90.38%)
hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)
Stars: ✭ 41 (-94.44%)
yara-rules: Yara rules written by me, for free use.
Stars: ✭ 13 (-98.24%)
Thehivedocs: Documentation of TheHive
Stars: ✭ 353 (-52.17%)
Evilize: Parses Windows event log files based on the SANS poster
Stars: ✭ 24 (-96.75%)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (-78.59%)
Diffy: Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (-24.8%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-94.31%)
nsm-attack: Mapping NSM rules to MITRE ATT&CK
Stars: ✭ 53 (-92.82%)
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris system artifacts.
Stars: ✭ 260 (-64.77%)
Watcher: Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Stars: ✭ 324 (-56.1%)
pybinaryedge: Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/
Stars: ✭ 16 (-97.83%)
sqhunter: A simple threat hunting tool based on osquery, Salt Open and the Cymon API
Stars: ✭ 64 (-91.33%)
YaraHunts: Random hunting-oriented Yara rules
Stars: ✭ 86 (-88.35%)
Opensource-Endpoint-Monitoring: This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
Stars: ✭ 30 (-95.93%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on OSS tools/libraries
Stars: ✭ 122 (-83.47%)
ETWNetMonv3: ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW, and ETWProcessMon/2 is for monitoring Process/Thread/Memory/ImageLoads/TCPIP via ETW, plus detection of Remote-Thread-Injection and payload detection via VirtualMemAlloc events (in-memory), etc.
Stars: ✭ 32 (-95.66%)
Cortex: Cortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (-8.4%)
Fatt: FATT / fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
Stars: ✭ 490 (-33.6%)
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (-57.86%)
irma: endpoint detection / live analysis & sandbox host / signatures quality test
Stars: ✭ 25 (-96.61%)
AUCR: Analyst Unknown Cyber Range - a micro web service framework
Stars: ✭ 24 (-96.75%)
Splunk-ETW: A Splunk Technology Add-on to forward filtered ETW events.
Stars: ✭ 26 (-96.48%)
Misp: MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Stars: ✭ 3,485 (+372.22%)
minerchk: Bash script to check for malicious cryptomining
Stars: ✭ 36 (-95.12%)
PowerGRR: PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
Stars: ✭ 52 (-92.95%)