hayabusaHayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+105.43%)
SiemSIEM Tactics, Techiques, and Procedures
Stars: ✭ 157 (-64.48%)
MeerkatA collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
Stars: ✭ 284 (-35.75%)
TimesketchCollaborative forensic timeline analysis
Stars: ✭ 1,795 (+306.11%)
PoShLog🔩 PoShLog is PowerShell cross-platform logging module. It allows you to log structured event data into console, file and much more places easily. It's built upon great C# logging library Serilog - https://serilog.net/
Stars: ✭ 108 (-75.57%)
RitaReal Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
Stars: ✭ 1,352 (+205.88%)
CortexCortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+52.94%)
smram parseSystem Management RAM analysis tool
Stars: ✭ 50 (-88.69%)
AdtimelineTimeline of Active Directory changes with replication metadata
Stars: ✭ 252 (-42.99%)
SWELFSimple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
Stars: ✭ 23 (-94.8%)
TelerReal-time HTTP Intrusion Detection
Stars: ✭ 1,248 (+182.35%)
Etl ParserEvent Trace Log file parser in pure Python
Stars: ✭ 66 (-85.07%)
PypowershellxrayPython script to decode common encoded PowerShell scripts
Stars: ✭ 192 (-56.56%)
PSTraceTrace ScriptBlock execution for powershell v2
Stars: ✭ 38 (-91.4%)
UserlineQuery and report user logons relations from MS Windows Security Events
Stars: ✭ 221 (-50%)
ForensicsToolsA list of free and open forensics analysis tools and other resources
Stars: ✭ 392 (-11.31%)
DFIR-O365RCPowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (-64.25%)
static file analysisAnalysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules
Stars: ✭ 34 (-92.31%)
YeddaYEDDA: A Lightweight Collaborative Text Span Annotation Tool. Code for ACL 2018 Best Demo Paper Nomination.
Stars: ✭ 704 (+59.28%)
ULogViewerCross-Platform Universal Log Viewer.
Stars: ✭ 64 (-85.52%)
PlasoSuper timeline all the things
Stars: ✭ 1,055 (+138.69%)
paStashpastaʃ'ʃ = Spaghetti I/O Event Data Processing, Interpolation, Correlation and beyond 🍝
Stars: ✭ 89 (-79.86%)
siemstressVery basic CLI SIEM (Security Information and Event Management system).
Stars: ✭ 24 (-94.57%)
GollumAn n:m message multiplexer written in Go
Stars: ✭ 883 (+99.77%)
GologA high-performant Logging Foundation for Go Applications. X3 faster than the rest leveled loggers.
Stars: ✭ 208 (-52.94%)
Mimir📱 A simple & efficient iOS logging framework for high usage apps
Stars: ✭ 13 (-97.06%)
AutotimelinerAutomagically extract forensic timeline from volatile memory dump
Stars: ✭ 54 (-87.78%)
LinuxforensicsEverything related to Linux Forensics
Stars: ✭ 189 (-57.24%)
MemlabsEducational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (+57.47%)
Get-NetworkConnectionEdited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection
Stars: ✭ 34 (-92.31%)
hepipe.jsPipe arbitrary data rows (logs, events, cdrs, esl, etc) to HEP Server (HOMER)
Stars: ✭ 22 (-95.02%)
EventTranscriptParserPython based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-95.02%)
HindsightWeb browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+33.26%)
CCXDiggerThe CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-89.82%)
ad-privileged-auditProvides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-90.5%)
RdpCacheStitcherRdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (-60.18%)
GetConsoleHistoryAndOutputAn Incident Response tool to extract console command history and screen output buffer
Stars: ✭ 41 (-90.72%)
ptkdev-logger🦒 Beautiful Logger for Node.js: the best alternative to the console.log statement
Stars: ✭ 117 (-73.53%)
DiffyDiffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+25.57%)
winevtWindows Event Interactions in Python
Stars: ✭ 59 (-86.65%)
SgfThis is a Smart Game Foundation (Not Framework)
Stars: ✭ 122 (-72.4%)
PackratLive system forensic collector
Stars: ✭ 16 (-96.38%)
IlluminatiThis is a Platform that collects all the data accuring in your Application and shows the data in real time by using Kibana or other tools.
Stars: ✭ 106 (-76.02%)
dnslogMinimalistic DNS logging tool
Stars: ✭ 40 (-90.95%)
MindMaps#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (-49.32%)
LogESPOpen Source SIEM (Security Information and Event Management system).
Stars: ✭ 162 (-63.35%)
MEATThis toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-77.15%)
INDXRipperCarve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-92.76%)
addon-log-viewerLog Viewer - Home Assistant Community Add-ons
Stars: ✭ 37 (-91.63%)
traffic analyserRetrieve useful information from apache/nginx access logs to help troubleshoot traffic related problems
Stars: ✭ 44 (-90.05%)
lCross-platform html/io [L]ogger with simple API.
Stars: ✭ 26 (-94.12%)
Swap digger swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
Stars: ✭ 354 (-19.91%)
TurbiniaAutomation and Scaling of Digital Forensics Tools
Stars: ✭ 461 (+4.3%)
Serverless Es LogsA Serverless plugin to transport logs to ElasticSearch
Stars: ✭ 51 (-88.46%)
uacUAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (-41.18%)
CDIRCDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (-72.4%)
Vol3xpVolatility Explorer Suit
Stars: ✭ 31 (-92.99%)