Judge-Jury-and-ExecutableA file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (-42.61%)
HyaraYara rule making tool (IDA Pro & Binary Ninja & Cutter Plugin)
Stars: ✭ 142 (+23.48%)
YaraSharpC# wrapper around the Yara pattern matching library
Stars: ✭ 29 (-74.78%)
factual-rules-generatorFactual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Stars: ✭ 62 (-46.09%)
PEiDYet another implementation of PEiD with yara
Stars: ✭ 12 (-89.57%)
ThreatKBKnowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)
Stars: ✭ 68 (-40.87%)
yara-validatorValidates yara rules and tries to repair the broken ones.
Stars: ✭ 37 (-67.83%)
yarasploitYaraSploit is a collection of Yara rules generated from Metasploit framework shellcodes.
Stars: ✭ 31 (-73.04%)
threat-intelSignatures and IoCs from public Volexity blog posts.
Stars: ✭ 130 (+13.04%)
static file analysisAnalysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules
Stars: ✭ 34 (-70.43%)
yara-rulesYara rules written by me, for free use.
Stars: ✭ 13 (-88.7%)
LokiLoki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+1827.83%)
LogESPOpen Source SIEM (Security Information and Event Management system).
Stars: ✭ 162 (+40.87%)
harvestTool to sort large collections of files according to common typologies
Stars: ✭ 32 (-72.17%)
whohkwhohk,linux下一款强大的应急响应工具 在linux下的应急响应往往需要通过繁琐的命令行来查看各个点的情况,有的时候还需要做一些格式处理,这对于linux下命令不是很熟悉的人比较不友好。本工具将linux下应急响应中常用的一些操作给集合了起来,并处理成了较为友好的格式,只需要通过一个参数就能代替繁琐复杂的命令来实现对各个点的检查。
Stars: ✭ 260 (+126.09%)
MantOSLIFARS Networking Security GNU/Linux distro
Stars: ✭ 24 (-79.13%)
MEATThis toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-12.17%)
pyarascannerA simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-80%)
PackratLive system forensic collector
Stars: ✭ 16 (-86.09%)
CCXDiggerThe CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-60.87%)
demuxusbA program and toolset to analyze iDevice USB sessions
Stars: ✭ 25 (-78.26%)
AdtimelineTimeline of Active Directory changes with replication metadata
Stars: ✭ 252 (+119.13%)
MindMaps#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+94.78%)
S1EMThis project is a SIEM with SIRP and Threat Intel, all in one.
Stars: ✭ 270 (+134.78%)
urlRecon📝 urlRecon - Info Gathering or Recon tool for Urls -> Retrieves * Whois information of the domain * DNS Details of the domain * Server Fingerprint * IP geolocation of the server
Stars: ✭ 31 (-73.04%)
Radare2UNIX-like reverse engineering framework and command-line toolset
Stars: ✭ 15,412 (+13301.74%)
RemoteNETExamine, create and interact with remote objects in other .NET processes.
Stars: ✭ 29 (-74.78%)
yara-exporterExporting MISP event attributes to yara rules usable with Thor apt scanner
Stars: ✭ 22 (-80.87%)
INDXRipperCarve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-72.17%)
vim-syntax-yaraA Vim syntax-highlighting file for YARA rules
Stars: ✭ 26 (-77.39%)
binlexA Binary Genetic Traits Lexer Framework
Stars: ✭ 303 (+163.48%)
DFIR Resources REvil KaseyaResources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack
Stars: ✭ 172 (+49.57%)
AppmemDumperForensics triage tool relying on Volatility and Foremost
Stars: ✭ 22 (-80.87%)
TryHackMe-Write-UpThe entire walkthrough of all my resolved TryHackMe rooms
Stars: ✭ 53 (-53.91%)
prowlerProwler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+6896.52%)
GetConsoleHistoryAndOutputAn Incident Response tool to extract console command history and screen output buffer
Stars: ✭ 41 (-64.35%)
Invtero.netinVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques
Stars: ✭ 237 (+106.09%)
CDIRCDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (+6.09%)
UserlineQuery and report user logons relations from MS Windows Security Events
Stars: ✭ 221 (+92.17%)
RdpCacheStitcherRdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+53.04%)
BURN[WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles 🔥 (For Research Only)
Stars: ✭ 13 (-88.7%)
Forensic ToolsA collection of tools for forensic analysis
Stars: ✭ 204 (+77.39%)
FatcatFAT filesystems explore, extract, repair, and forensic tool
Stars: ✭ 201 (+74.78%)
WhatsdumpExtract WhatsApp private key from any non-rooted Android device (Android 7+ supported)
Stars: ✭ 198 (+72.17%)
BlockHashLocRecover files using lists of blocks hashes, bypassing the File System entirely
Stars: ✭ 45 (-60.87%)
PypowershellxrayPython script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+66.96%)
Ctf ToolsUseful CTF Tools
Stars: ✭ 190 (+65.22%)
ImHex-PatternsHex patterns, include patterns and magic files for the use with the ImHex Hex Editor
Stars: ✭ 192 (+66.96%)
LinuxforensicsEverything related to Linux Forensics
Stars: ✭ 189 (+64.35%)
Rebel FrameworkAdvanced and easy to use penetration testing framework 💣🔎
Stars: ✭ 183 (+59.13%)
qedThe scalable, auditable and high-performance tamper-evident log project
Stars: ✭ 87 (-24.35%)
Remote Desktop CachingThis tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Stars: ✭ 171 (+48.7%)
JoincapMerge multiple pcap files together, gracefully.
Stars: ✭ 159 (+38.26%)