Small and highly portable detection tests based on MITRE's ATT&CK.
created at Oct. 11, 2017, 5:23 p.m.
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
created at Sept. 17, 2013, 5:07 p.m.
⭐️ A curated list of awesome forensic analysis tools and resources
created at March 29, 2016, 8:54 p.m.
PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt for persistence mechanisms implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
created at July 20, 2022, 7:19 a.m.
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
created at Oct. 27, 2021, 5:47 p.m.
Digital Forensics artifact repository
created at Oct. 31, 2014, 7:13 p.m.
This repository serves as a place for community created Targets and Modules for use with KAPE.
created at Oct. 9, 2018, 5:13 p.m.
BlockBlock provides continual protection by monitoring persistence locations.
created at April 9, 2020, 7:44 a.m.
Enumerate persistently installed software
created at Feb. 1, 2021, 12:50 a.m.
🚀 AutoRuns is a PowerShell module that helps perform live incident response and enumerate autorun artifacts that may be used by legitimate programs as well as malware to achieve persistence.
created at Jan. 7, 2016, 10:24 p.m.
Demos of various (including non-standard) persistence methods used by malware
created at May 16, 2017, 9:08 a.m.
Scan your computer for applications that are either susceptible to dylib hijacking or have been hijacked.
created at Feb. 1, 2021, 3:58 a.m.
PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
created at Sept. 14, 2017, 9:15 a.m.