Repository listing. Each entry gives the repository and its owner, its description as published on GitHub, the time the listing last recorded an update, the primary language, and three GitHub counts with the change the listing shows beside each; the counts are read here as watchers, stars and forks, in that order, inferred from their magnitudes.

RTA by endgameinc
(no description)
updated at May 23, 2024, 3:18 p.m. | Python | watchers 98 (+0) | stars 1,038 (+3) | forks 213 (-1)

Skadi by orlikoski
Collect, process, and hunt with host-based data from macOS, Windows, and Linux
updated at May 23, 2024, 6:15 p.m. | Shell | watchers 37 (+0) | stars 481 (+1) | forks 68 (+0)

matano by matanolabs
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
updated at May 23, 2024, 9:43 p.m. | Rust | watchers 21 (+1) | stars 1,367 (+3) | forks 91 (+2)

dftimewolf by log2timeline
A framework for orchestrating forensic collection, processing and data export
updated at May 24, 2024, 1:55 a.m. | Python | watchers 25 (+0) | stars 278 (+0) | forks 69 (+0)

avml by Microsoft
AVML - Acquire Volatile Memory for Linux
updated at May 24, 2024, 3:42 a.m. | Rust | watchers 32 (+0) | stars 818 (+3) | forks 76 (+1)

Zircolite by wagga40
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
updated at May 24, 2024, 4:00 a.m. | Python | watchers 24 (+0) | stars 607 (+3) | forks 84 (+0)

Shuffle by Shuffle
Shuffle: A general-purpose security automation platform. Our focus is on collaboration and resource sharing.
updated at May 24, 2024, 6:24 a.m. | Shell | watchers 34 (+0) | stars 1,281 (+3) | forks 304 (+2)

Aurora-Incident-Response by cyb3rfox
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
updated at May 24, 2024, 7:00 a.m. | JavaScript | watchers 41 (+0) | stars 728 (+0) | forks 78 (+0)

ir-rescue by diogo-fernan
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
updated at May 24, 2024, 8:44 a.m. | Batchfile | watchers 44 (-1) | stars 451 (+2) | forks 94 (+0)

cuckoo by cuckoosandbox
Cuckoo Sandbox is an automated dynamic malware analysis system
updated at May 24, 2024, 9:54 a.m. | JavaScript | watchers 437 (+2) | stars 5,433 (+5) | forks 1,689 (+0)

Fastir_Collector by SekoiaLab
(no description)
updated at May 24, 2024, 11:05 a.m. | Python | watchers 63 (+0) | stars 503 (+1) | forks 127 (+0)

LogonTracer by JPCERTCC
Investigate malicious Windows logon by visualizing and analyzing Windows event log
updated at May 24, 2024, 12:36 p.m. | Python | watchers 136 (+0) | stars 2,642 (+7) | forks 440 (-1)

LiME by 504ensicsLabs
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
updated at May 24, 2024, 3:34 p.m. | C | watchers 81 (+0) | stars 1,648 (+5) | forks 331 (+1)

spyre by spyre-project
A simple YARA-based IOC scanner
updated at May 24, 2024, 4:28 p.m. | Go | watchers 12 (+0) | stars 160 (+1) | forks 27 (+0)

artifactcollector by forensicanalysis
🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
updated at May 24, 2024, 5:19 p.m. | Go | watchers 9 (+0) | stars 244 (+1) | forks 19 (+0)

sysmon-modular by olafhartong
A repository of sysmon configuration modules
updated at May 24, 2024, 5:46 p.m. | PowerShell | watchers 164 (+0) | stars 2,504 (+2) | forks 568 (+0)

flightsim by alphasoc
A utility to safely generate malicious network traffic patterns and evaluate controls.
updated at May 24, 2024, 6:08 p.m. | Go | watchers 35 (+0) | stars 1,195 (+3) | forks 128 (+0)

metta by uber-common
An information security preparedness tool to do adversarial simulation.
updated at May 24, 2024, 6:38 p.m. | Python | watchers 74 (+0) | stars 1,077 (+3) | forks 150 (-1)

artifacts by ForensicArtifacts
Digital Forensics artifact repository
updated at May 24, 2024, 7:53 p.m. | Python | watchers 73 (+0) | stars 994 (+3) | forks 203 (-1)

stenographer by google
Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com
updated at May 24, 2024, 10:23 p.m. | Go | watchers 104 (+0) | stars 1,789 (+1) | forks 233 (+1)