RemoteNET: Examine, create and interact with remote objects in other .NET processes.
Stars: ✭ 29 (-74.78%)
Oletools: oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
Stars: ✭ 1,848 (+1506.96%)
yara-exporter: Exporting MISP event attributes to YARA rules usable with the THOR APT scanner
Stars: ✭ 22 (-80.87%)
Rifiuti2: Windows Recycle Bin analyser
Stars: ✭ 100 (-13.04%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-72.17%)
Gohacktools: Hacker tools in Go (Golang)
Stars: ✭ 1,303 (+1033.04%)
whohk: whohk, a powerful incident response tool for Linux. Incident response on Linux usually requires tedious command-line work to inspect each area of the system, sometimes with extra output formatting, which is unfriendly to people who are not familiar with Linux commands. This tool collects the operations commonly used in Linux incident response, presents the results in a friendlier format, and lets a single parameter replace the tedious, complex commands needed to check each area.
Stars: ✭ 260 (+126.09%)
vim-syntax-yara: A Vim syntax-highlighting file for YARA rules
Stars: ✭ 26 (-77.39%)
Autopsy: Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
Stars: ✭ 1,183 (+928.7%)
Etl Parser: Event Trace Log file parser in pure Python
Stars: ✭ 66 (-42.61%)
binlex: A Binary Genetic Traits Lexer Framework
Stars: ✭ 303 (+163.48%)
Metaforge: An OSINT metadata analysis tool that filters through tags and creates reports
Stars: ✭ 63 (-45.22%)
DFIR Resources REvil Kaseya: Resources for DFIR professionals responding to the REvil ransomware Kaseya supply chain attack
Stars: ✭ 172 (+49.57%)
Bramble: Bramble is an open source hacking suite.
Stars: ✭ 60 (-47.83%)
AppmemDumper: Forensics triage tool relying on Volatility and Foremost
Stars: ✭ 22 (-80.87%)
Autotimeliner: Automagically extract a forensic timeline from a volatile memory dump
Stars: ✭ 54 (-53.04%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-60.87%)
TryHackMe-Write-Up: The entire walkthrough of all the TryHackMe rooms I have solved
Stars: ✭ 53 (-53.91%)
Meerkat: A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (+146.96%)
Firefed: 🕵️ A tool for Firefox profile analysis, data extraction, forensics and hardening
Stars: ✭ 37 (-67.83%)
prowler: Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+6896.52%)
Tr1pd: Tamper-resistant audit log
Stars: ✭ 13 (-88.7%)
GetConsoleHistoryAndOutput: An incident response tool to extract console command history and the screen output buffer
Stars: ✭ 41 (-64.35%)
Kaudit: Alcide Kubernetes Audit Log Analyzer - Alcide kAudit
Stars: ✭ 23 (-80%)
Invtero.net: inVtero.net - A high-speed (Gbps) forensics, memory integrity & assurance tool. Includes offensive & defensive memory capabilities. Find/extract processes and hypervisors (including nested) in memory dumps using microarchitecture-independent Virtual Machine Introspection techniques
Stars: ✭ 237 (+106.09%)
Memlabs: Educational, CTF-styled labs for individuals interested in memory forensics
Stars: ✭ 696 (+505.22%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on OSS tools/libraries
Stars: ✭ 122 (+6.09%)
Diffy: Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+382.61%)
Userline: Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (+92.17%)
Seqbox: A single-file container/archive that can be reconstructed even after total loss of file system structures
Stars: ✭ 480 (+317.39%)
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+53.04%)
Awesome Forensics: Awesome forensics resources. Almost 300 open source forensics tools and 600 blog posts about forensics.
Stars: ✭ 446 (+287.83%)
Forensic Tools: A collection of tools for forensic analysis
Stars: ✭ 204 (+77.39%)
Pig: A Linux packet crafting tool.
Stars: ✭ 384 (+233.91%)
BURN: [WIP] Anti-forensics toolkit to clear sensitive post-intrusion log files 🔥 (For Research Only)
Stars: ✭ 13 (-88.7%)
Sift: SIFT
Stars: ✭ 355 (+208.7%)
Whatsdump: Extract the WhatsApp private key from any non-rooted Android device (Android 7+ supported)
Stars: ✭ 198 (+72.17%)
Docker Explorer: A tool to help forensicate offline Docker acquisitions
Stars: ✭ 328 (+185.22%)
BlockHashLoc: Recover files using lists of block hashes, bypassing the file system entirely
Stars: ✭ 45 (-60.87%)
Malconfscan: Volatility plugin that extracts configuration data from known malware
Stars: ✭ 327 (+184.35%)
Ctf Tools: Useful CTF tools
Stars: ✭ 190 (+65.22%)
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+170.43%)
ImHex-Patterns: Hex patterns, include patterns and magic files for use with the ImHex hex editor
Stars: ✭ 192 (+66.96%)
Prowler: Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+3866.09%)
Rebel Framework: Advanced and easy-to-use penetration testing framework 💣🔎
Stars: ✭ 183 (+59.13%)
qed: The scalable, auditable and high-performance tamper-evident log project
Stars: ✭ 87 (-24.35%)
Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (+143.48%)
Remote Desktop Caching: This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow a Red Team member to extract juicy information such as LAPS passwords or any other sensitive information on the screen. A Blue Team member can reconstruct the PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host, collect evidence and perform further analysis.
Stars: ✭ 171 (+48.7%)
wipedicks: Wipe files and drives securely with random ASCII dicks
Stars: ✭ 94 (-18.26%)
Joincap: Merge multiple pcap files together, gracefully.
Stars: ✭ 159 (+38.26%)
bits parser: Extract BITS jobs from the QMGR queue and store them as CSV records
Stars: ✭ 64 (-44.35%)
WiFi-Project: Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️
Stars: ✭ 22 (-80.87%)
sandfly-setup: Sandfly Security agentless compromise and intrusion detection system for Linux
Stars: ✭ 45 (-60.87%)
flare-wmi: No description or website provided.
Stars: ✭ 399 (+246.96%)
Siem: SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (+36.52%)
rair-core: RAIR: RAdare In Rust
Stars: ✭ 63 (-45.22%)
dcfldd: Enhanced version of dd for forensics and security
Stars: ✭ 27 (-76.52%)