DfirtrackDFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+2.2%)
EvilizeParses Windows event logs files based on SANS Poster
Stars: ✭ 24 (-89.43%)
Docker-TemplatesDocker configurations for TheHive, Cortex and 3rd party tools
Stars: ✭ 71 (-68.72%)
PockintA portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
Stars: ✭ 196 (-13.66%)
MthcAll-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (-40.97%)
ThreathuntThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (-59.47%)
INDXRipperCarve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-85.9%)
KuiperDigital Forensics Investigation Platform
Stars: ✭ 257 (+13.22%)
Cyberchef RecipesA list of cyber-chef recipes and curated links
Stars: ✭ 619 (+172.69%)
CortexCortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+197.8%)
Dfir OrcForensics artefact collection tool for systems running Microsoft Windows
Stars: ✭ 202 (-11.01%)
MalwlessTest Blue Team detections without running any attack.
Stars: ✭ 215 (-5.29%)
PypowershellxrayPython script to decode common encoded PowerShell scripts
Stars: ✭ 192 (-15.42%)
GDPatrolA Lambda-powered Security Orchestration framework for AWS GuardDuty
Stars: ✭ 50 (-77.97%)
RdpCacheStitcherRdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (-22.47%)
MEATThis toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-55.51%)
uacUAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+14.54%)
fastfinderIncident Response - Fast suspicious file finder
Stars: ✭ 116 (-48.9%)
rhqRecon Hunt Queries
Stars: ✭ 66 (-70.93%)
AttackdatamapA datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
Stars: ✭ 264 (+16.3%)
Imago ForensicsImago is a python tool that extract digital evidences from images.
Stars: ✭ 175 (-22.91%)
ScriptingPS / Bash / Python / Other scripts For FUN!
Stars: ✭ 47 (-79.3%)
Ir RescueA Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+37%)
ThehivedocsDocumentation of TheHive
Stars: ✭ 353 (+55.51%)
ThehiveTheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+913.22%)
catalystCatalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (-59.91%)
BeagleBeagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+329.96%)
HistoricprocesstreeAn Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
Stars: ✭ 46 (-79.74%)
Cortex4pyPython API Client for Cortex
Stars: ✭ 22 (-90.31%)
ThreatpinchlookupDocumentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+13.22%)
pyarascannerA simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-89.87%)
PackratLive system forensic collector
Stars: ✭ 16 (-92.95%)
OrianaOriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Stars: ✭ 152 (-33.04%)
CCXDiggerThe CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-80.18%)
CDIRCDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (-46.26%)
MindMaps#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (-1.32%)
PSTraceTrace ScriptBlock execution for powershell v2
Stars: ✭ 38 (-83.26%)
ir scriptsincident response scripts
Stars: ✭ 17 (-92.51%)
Thehive4pyPython API Client for TheHive
Stars: ✭ 143 (-37%)
MemProcFS-AnalyzerMemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (-60.79%)
SiacSIAC is an enterprise SIEM built on open-source technology.
Stars: ✭ 100 (-55.95%)
Atc ReactA knowledge base of actionable Incident Response techniques
Stars: ✭ 226 (-0.44%)
Misp TaxonomiesTaxonomies used in MISP taxonomy system and can be used by other information sharing tool.
Stars: ✭ 168 (-25.99%)
Xianreactive风格的微服务框架
Stars: ✭ 196 (-13.66%)
ZombieantZombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
Stars: ✭ 169 (-25.55%)
Newbe.claptrapThis is a frameworks with reactive, event sourcing and Actor pattern as basic theories. On top of this, developers can create "distributed", "scale out", and "easy to test" application more simply. Claptrap and it`s Minions is on the way.
Stars: ✭ 163 (-28.19%)
PatrowlenginesPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (-28.63%)
LokiLoki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+876.65%)
AkkaBuild highly concurrent, distributed, and resilient message-driven applications on the JVM
Stars: ✭ 11,938 (+5159.03%)
Actor FrameworkAn Open Source Implementation of the Actor Model in C++
Stars: ✭ 2,637 (+1061.67%)
Litmus testDetecting ATT&CK techniques & tactics for Linux
Stars: ✭ 190 (-16.3%)
SiemSIEM Tactics, Techiques, and Procedures
Stars: ✭ 157 (-30.84%)
ModernarchitectureshopThe Microservices Online Shop is an application with a modern software architecture that is cleanly designed and based on.NET lightweight technologies. The shop has two build variations. The first variant is the classic Microservices Architectural Style. The second one is with Dapr. Dapr has a comprehensive infrastructure for building highly decoupled Microservices; for this reason, I am using Dapr to achieve the noble goal of building a highly scalable application with clean architecture and clean code.
Stars: ✭ 154 (-32.16%)
LinuxforensicsEverything related to Linux Forensics
Stars: ✭ 189 (-16.74%)