volatility3 by volatilityfoundation

Volatility 3.0 development

updated at May 26, 2024, 4:26 a.m.

55 +0

2,270 +18

373 +2

volatility by volatilityfoundation

An advanced memory forensics framework

updated at May 26, 2024, 4:12 a.m.

307 -1

6,973 +17

1,250 +1

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

updated at May 26, 2024, 4:09 a.m.

79 +0

3,912 +15

494 +0

DidierStevensSuite by DidierStevens

Please no pull requests for this repository. Thanks!

updated at May 26, 2024, 3:04 a.m.

122 +0

1,858 +11

503 +1

plaso by log2timeline

Super timeline all the things

updated at May 26, 2024, 1:36 a.m.

92 +0

1,637 +8

325 +2

ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

updated at May 25, 2024, 9:21 p.m.

369 -1

3,884 +7

796 +0

grr by google

GRR Rapid Response: remote live forensics for incident response

updated at May 25, 2024, 6:40 p.m.

316 +0

4,667 +6

760 -1

timesketch by google

Collaborative forensic timeline analysis

updated at May 25, 2024, 5:44 p.m.

138 +0

2,507 +5

573 +3

zentral by zentralopensource

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

updated at May 25, 2024, 3:27 p.m.

31 +0

722 +0

83 +0

sigma by SigmaHQ

Main Sigma Rule Repository

updated at May 25, 2024, 2:43 p.m.

328 +1

7,723 +23

2,103 +0

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

updated at May 25, 2024, 2:35 p.m.

187 +0

3,254 +0

574 -1

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

updated at May 25, 2024, 7:43 a.m.

65 +1

1,707 +5

381 +0

caldera by mitre

Automated Adversary Emulation Platform

updated at May 25, 2024, 3:12 a.m.

166 +0

5,241 +17

1,018 +3

artifacts by ForensicArtifacts

Digital Forensics artifact repository

updated at May 24, 2024, 7:53 p.m.

73 +0

994 +3

203 -1

metta by uber-common

An information security preparedness tool to do adversarial simulation.

updated at May 24, 2024, 6:38 p.m.

74 +0

1,077 +3

150 -1

LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

updated at May 24, 2024, 12:36 p.m.

136 +0

2,642 +7

440 -1

Fastir_Collector by SekoiaLab

None

updated at May 24, 2024, 11:05 a.m.

63 +0

503 +1

127 +0

Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

updated at May 24, 2024, 4 a.m.

24 +0

607 +3

84 +0

dftimewolf by log2timeline

A framework for orchestrating forensic collection, processing and data export

updated at May 24, 2024, 1:55 a.m.

25 +0

278 +0

69 +0

RTA by endgameinc

None

updated at May 23, 2024, 3:18 p.m.

98 +0

1,038 +3

213 -1