MacForensics: Scripts to process macOS forensic artifacts
Stars: ✭ 118 (+293.33%)
RemoteNET: Examine, create and interact with remote objects in other .NET processes.
Stars: ✭ 29 (-3.33%)
Judge-Jury-and-Executable: A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (+120%)
DFIR Resources REvil Kaseya: Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack
Stars: ✭ 172 (+473.33%)
EventTranscript.db-Research: A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Stars: ✭ 33 (+10%)
memscrimper: Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"
Stars: ✭ 25 (-16.67%)
artifactcollector: 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (+366.67%)
pyaff4: The Python implementation of the AFF4 standard.
Stars: ✭ 37 (+23.33%)
belg: Boltzmann entropy of a landscape gradient
Stars: ✭ 14 (-53.33%)
sabre: Spatial Association Between REgionalizations
Stars: ✭ 34 (+13.33%)
demuxusb: A program and toolset to analyze iDevice USB sessions
Stars: ✭ 25 (-16.67%)
yara-validator: Validates yara rules and tries to repair the broken ones.
Stars: ✭ 37 (+23.33%)
readhook: Red-team tool to hook libc read syscall with a buffer overflow vulnerability.
Stars: ✭ 31 (+3.33%)
CausalityTools.jl: Algorithms for causal inference and the detection of dynamical coupling from time series, and for approximation of the transfer operator and invariant measures.
Stars: ✭ 45 (+50%)
zeek-docs: Documentation for Zeek
Stars: ✭ 41 (+36.67%)
CorBinian: A toolbox for modelling and simulating high-dimensional binary and count-data with correlations
Stars: ✭ 15 (-50%)
TheHiveHooks: This is a python tool aiming to make using TheHive webhooks easier.
Stars: ✭ 22 (-26.67%)
catalyst: Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (+203.33%)
ingest-file: Ingestors extract the contents of mixed unstructured documents into structured (followthemoney) data.
Stars: ✭ 40 (+33.33%)
pyarascanner: A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-23.33%)
pftriage: Python tool and library to help analyze files during malware triage and analysis.
Stars: ✭ 77 (+156.67%)
Detect It Easy: Program for determining types of files for Windows, Linux and MacOS.
Stars: ✭ 2,982 (+9840%)
webpassgen: Simple web-based password generator
Stars: ✭ 111 (+270%)
vminspect: Tools for inspecting disk images
Stars: ✭ 25 (-16.67%)
truffleHog: Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Stars: ✭ 6,319 (+20963.33%)
IRScripts: Incident Response Scripts
Stars: ✭ 29 (-3.33%)
prowler: Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+26720%)
Trufflehog: Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Stars: ✭ 6,225 (+20650%)
ProSelfLC-2021: noisy labels; missing labels; semi-supervised learning; entropy; uncertainty; robustness and generalisation.
Stars: ✭ 45 (+50%)
moac: Generate passwords and analyze their strength given physical limits to computation
Stars: ✭ 16 (-46.67%)
DDTTX: DDTTX Tabletop Trainings
Stars: ✭ 22 (-26.67%)
btrfscue: Recover files from damaged BTRFS filesystems
Stars: ✭ 28 (-6.67%)
Radare2: UNIX-like reverse engineering framework and command-line toolset
Stars: ✭ 15,412 (+51273.33%)
Invtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitecture independent Virtual Machine Introspection techniques
Stars: ✭ 237 (+690%)
CTF-Script-And-Template-Thrift-Shop: [180+ scripts] There are a few genuine gems in there. And a lot of spaghetti code. Most of these scripts were for solving CTF's. If you googled something for a CTF and landed here look at the scripts they're all fairly malleable. Sorry for the shitty naming conventions (not really). If you are a recruiter stop. I won't be able to rewrite half thi…
Stars: ✭ 38 (+26.67%)
yara-forensics: Set of Yara rules for finding files using magic headers
Stars: ✭ 115 (+283.33%)
dumproid: Android process memory dump tool without ndk.
Stars: ✭ 55 (+83.33%)
Forensic Tools: A collection of tools for forensic analysis
Stars: ✭ 204 (+580%)
Fatcat: FAT filesystems explore, extract, repair, and forensic tool
Stars: ✭ 201 (+570%)
AUCR: Analyst Unknown Cyber Range - a micro web service framework
Stars: ✭ 24 (-20%)
Whatsdump: Extract WhatsApp private key from any non-rooted Android device (Android 7+ supported)
Stars: ✭ 198 (+560%)
DFIRRegex: A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
Stars: ✭ 33 (+10%)
robot hacking manual: Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.
Stars: ✭ 169 (+463.33%)
Splunk-ETW: A Splunk Technology Add-on to forward filtered ETW events.
Stars: ✭ 26 (-13.33%)
Ctf Tools: Useful CTF Tools
Stars: ✭ 190 (+533.33%)
Rebel Framework: Advanced and easy to use penetration testing framework 💣🔎
Stars: ✭ 183 (+510%)
Remote Desktop Caching: This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow a Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. A Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidence and perform further analysis.
Stars: ✭ 171 (+470%)
sqbrite: SQBrite is a data recovery tool for SQLite databases
Stars: ✭ 27 (-10%)
Joincap: Merge multiple pcap files together, gracefully.
Stars: ✭ 159 (+430%)
Siem: SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (+423.33%)
Sleuthkit: The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Stars: ✭ 1,948 (+6393.33%)
C Aff4: An AFF4 C++ implementation.
Stars: ✭ 126 (+320%)
MemProcFS-Analyzer: Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (+196.67%)
MantOS: LIFARS Networking Security GNU/Linux distro
Stars: ✭ 24 (-20%)