osxcollector by Yelp

A forensic evidence collection & analysis toolkit for OS X

created at Aug. 4, 2014, 6:25 p.m.

125 +0

1,862 +0

241 +0

DidierStevensSuite by DidierStevens

Please no pull requests for this repository. Thanks!

created at May 8, 2015, 11:21 a.m.

124 +1

1,885 +6

506 +1

hayabusa by Yamato-Security

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

created at Sept. 18, 2020, 5:04 a.m.

41 -1

2,049 +15

178 +4

fibratus by rabbitstack

A modern tool for Windows kernel exploration and tracing with a focus on security

created at March 25, 2016, 11:28 a.m.

71 +0

2,101 -1

184 +0

EVTX-ATTACK-SAMPLES by sbousseaden

Windows Events Attack Samples

created at March 15, 2019, 8:45 a.m.

144 +0

2,158 +3

392 +0

MozDef by mozilla

DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

created at Feb. 18, 2014, 7:43 a.m.

151 +1

2,173 -1

329 +0

volatility3 by volatilityfoundation

Volatility 3.0 development

created at Jan. 26, 2014, 6:09 p.m.

56 -1

2,342 +16

389 +1

APTSimulator by NextronSystems

A toolset to make a system look as if it was the victim of an APT attack

created at Feb. 3, 2018, 2:19 p.m.

120 +0

2,400 +3

419 +0

rizin by rizinorg

UNIX-like reverse engineering framework and command-line toolset.

created at Sept. 30, 2020, 9:15 a.m.

45 +0

2,508 +7

341 +2

timesketch by google

Collaborative forensic timeline analysis

created at June 19, 2014, 5:49 p.m.

137 +0

2,522 +5

577 +0

sysmon-modular by olafhartong

A repository of sysmon configuration modules

created at Jan. 13, 2018, 9:20 p.m.

165 +1

2,543 +5

572 +0

chainsaw by WithSecureLabs

Rapidly Search and Hunt through Windows Forensic Artefacts

created at Aug. 13, 2021, 1:07 p.m.

50 +0

2,604 +5

232 +1

fleet by fleetdm

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)

created at Nov. 3, 2020, 10:17 p.m.

30 -1

2,613 +83

373 +3

LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

created at Nov. 24, 2017, 6:07 a.m.

136 +0

2,654 +2

441 +0

velociraptor by Velocidex

Digging Deeper....

created at March 24, 2018, 7:39 a.m.

72 +0

2,754 +7

465 +4

MemProcFS by ufrisk

MemProcFS

created at Nov. 18, 2018, 6:19 p.m.

78 +0

2,787 +21

348 +6

streamalert by airbnb

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.

created at Jan. 22, 2017, 1:10 a.m.

102 +0

2,832 +1

334 +1

security-onion by Security-Onion-Solutions

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

created at March 24, 2015, 8:15 p.m.

301 +0

3,055 +0

517 -1

OSXAuditor by jipegit

OS X Auditor is a free Mac OS X computer forensics tool

created at June 19, 2013, 5:26 p.m.

182 +0

3,129 +1

283 +0

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

created at Jan. 18, 2015, 8:39 a.m.

186 +0

3,276 +5

576 +1