sigma by SigmaHQ

Main Sigma Rule Repository

created at Dec. 24, 2016, 9:48 a.m.

346 +1

8,369 +32

2,198 -2

volatility by volatilityfoundation

An advanced memory forensics framework

created at April 24, 2014, 3:45 p.m.

309 +0

7,349 +26

1,280 +2

caldera by mitre

Automated Adversary Emulation Platform

created at Nov. 29, 2017, 1:25 a.m.

171 +1

5,655 +17

1,074 +2

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

created at June 16, 2020, 9:24 p.m.

82 +0

4,875 +18

560 +2

grr by google

GRR Rapid Response: remote live forensics for incident response

created at Dec. 4, 2013, 12:17 a.m.

316 +1

4,783 +9

763 +2

ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

created at March 28, 2017, 3:07 a.m.

372 +0

4,023 +5

807 -1

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

created at Jan. 18, 2015, 8:39 a.m.

184 +0

3,402 +7

583 +0

streamalert by airbnb

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.

created at Jan. 22, 2017, 1:10 a.m.

101 +0

2,861 +3

332 -1

LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

created at Nov. 24, 2017, 6:07 a.m.

136 +0

2,735 +6

443 +0

volatility3 by volatilityfoundation

Volatility 3.0 development

created at Jan. 26, 2014, 6:09 p.m.

57 +0

2,694 +19

460 +2

timesketch by google

Collaborative forensic timeline analysis

created at June 19, 2014, 5:49 p.m.

137 +0

2,614 +6

589 +0

MozDef by mozilla

DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

created at Feb. 18, 2014, 7:43 a.m.

151 +0

2,168 +0

328 +0

DidierStevensSuite by DidierStevens

Please no pull requests for this repository. Thanks!

created at May 8, 2015, 11:21 a.m.

127 +0

2,023 +8

531 +2

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

created at Oct. 15, 2019, 6:16 p.m.

65 +0

2,011 +14

425 +0

osxcollector by Yelp

A forensic evidence collection & analysis toolkit for OS X

created at Aug. 4, 2014, 6:25 p.m.

125 +0

1,875 +0

243 +0

plaso by log2timeline

Super timeline all the things

created at Sept. 8, 2014, 11:29 p.m.

94 +1

1,734 +2

352 +1

viper by viper-framework

Binary analysis and management framework

created at Nov. 9, 2013, 6:24 p.m.

148 +0

1,539 +0

350 +0

APT-Hunter by ahmedkhlief

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

created at Dec. 26, 2020, 9:52 p.m.

47 +0

1,255 +3

239 +1

metta by uber-common

An information security preparedness tool to do adversarial simulation.

created at Nov. 1, 2017, 9:24 p.m.

75 +0

1,101 +3

151 +0

hindsight by obsidianforensics

Web browser forensics for Google Chrome/Chromium

created at May 22, 2014, 3:25 a.m.

67 +0

1,087 +5

142 +1