251 Open source projects that are alternatives of or similar to truehunter

Scripts to process macOS forensic artifacts

Examine, create and interact with remote objects in other .NET processes.

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

My solutions to the 2020 NSA Codebreaker Challenge

Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.

Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

The Python implementation of the AFF4 standard.

Boltzmann entropy of a landscape gradient

sabre: Spatial Association Between REgionalizations

A program and toolset to analyze iDevice USB sessions

Validates yara rules and tries to repair the broken ones.

Red-team tool to hook libc read syscall with a buffer overflow vulnerability.

Algorithms for causal inference and the detection of dynamical coupling from time series, and for approximation of the transfer operator and invariant measures.

No description or website provided.

Documentation for Zeek

CorBinian: A toolbox for modelling and simulating high-dimensional binary and count-data with correlations

No description or website provided.

This is a python tool aiming to make using TheHive webhooks easier.

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

Change CRC checksums of your files.

Ingestors extract the contents of mixed unstructured documents into structured (followthemoney) data.

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

Python tool and library to help analyze files during malware triage and analysis.

Program for determining types of files for Windows, Linux and MacOS.

Simple web-based password generator

Tools for inspecting disk images

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

Incident Response Scripts

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

noisy labels; missing labels; semi-supervised learning; entropy; uncertainty; robustness and generalisation.

Generate passwords and analyze their strength given physical limits to computation

DDTTX Tabletop Trainings

Recover files from damaged BTRFS filesystems

UNIX-like reverse engineering framework and command-line toolset

inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques

[180+ scripts] There are a few genuine gems in there. And a lot of spaghetti code. Most of these scripts were for solving CTF's. If you googles something for a CTF and landed here look at the scripts they're all fairly malleable. Sorry for the shitty naming conventions (not really). If you are a recruiter stop. I wont be able to rewrite half thi…

Set of Yara rules for finding files using magics headers

Official Black Hat Arsenal Security Tools Repository

Android process memory dump tool without ndk.

A collection of tools for forensic analysis

FAT filesystems explore, extract, repair, and forensic tool

Analyst Unknown Cyber Range - a micro web service framework

Extract WhatsApp private key from any non-rooted Android device (Android 7+ supported)

A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.

A Splunk Technology Add-on to forward filtered ETW events.

Useful CTF Tools

Advanced and easy to use penetration testing framework 💣🔎

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

SQBrite is a data recovery tool for SQLite databases

Merge multiple pcap files together, gracefully.

SIEM Tactics, Techiques, and Procedures

Awesome list of digital forensic tools

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

An AFF4 C++ implementation.

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

LIFARS Networking Security GNU/Linux distro