volatility3 by volatilityfoundation

Volatility 3.0 development

updated at Nov. 17, 2024, 2:12 p.m.

57 +0

2,694 +19

460 +2

caldera by mitre

Automated Adversary Emulation Platform

updated at Nov. 17, 2024, 1:21 p.m.

171 +1

5,655 +17

1,074 +2

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

updated at Nov. 17, 2024, 1:20 p.m.

65 +0

2,011 +14

425 +0

DidierStevensSuite by DidierStevens

Please no pull requests for this repository. Thanks!

updated at Nov. 17, 2024, 11:14 a.m.

127 +0

2,023 +8

531 +2

volatility by volatilityfoundation

An advanced memory forensics framework

updated at Nov. 17, 2024, 4:02 a.m.

309 +0

7,349 +26

1,280 +2

hindsight by obsidianforensics

Web browser forensics for Google Chrome/Chromium

updated at Nov. 16, 2024, 10:13 p.m.

67 +0

1,087 +5

142 +1

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

updated at Nov. 16, 2024, 7:08 p.m.

82 +0

4,875 +18

560 +2

MalConfScan by JPCERTCC

Volatility plugin for extracts configuration data of known malware

updated at Nov. 16, 2024, 4:34 p.m.

36 +0

485 +2

67 +0

sigma by SigmaHQ

Main Sigma Rule Repository

updated at Nov. 16, 2024, 4:32 p.m.

346 +1

8,369 +32

2,198 -2

ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

updated at Nov. 16, 2024, 3:22 p.m.

372 +0

4,023 +5

807 -1

zentral by zentralopensource

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

updated at Nov. 16, 2024, 2:52 p.m.

32 +0

752 +1

82 +0

LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

updated at Nov. 16, 2024, 7:41 a.m.

136 +0

2,735 +6

443 +0

Hoarder by muteb

This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole har drive.

updated at Nov. 16, 2024, 7:32 a.m.

10 +0

193 +1

19 +0

VolDiff by aim4r

VolDiff: Malware Memory Footprint Analysis based on Volatility

updated at Nov. 16, 2024, 7:18 a.m.

28 +0

193 +1

50 +0

grr by google

GRR Rapid Response: remote live forensics for incident response

updated at Nov. 16, 2024, 4:08 a.m.

316 +1

4,783 +9

763 +2

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

updated at Nov. 16, 2024, 2:16 a.m.

184 +0

3,402 +7

583 +0

mac_apt by ydkhatri

macOS (& ios) Artifact Parsing Tool

updated at Nov. 15, 2024, 11:47 p.m.

44 +0

782 +2

102 +2

timesketch by google

Collaborative forensic timeline analysis

updated at Nov. 15, 2024, 1:11 p.m.

137 +0

2,614 +6

589 +0

plaso by log2timeline

Super timeline all the things

updated at Nov. 15, 2024, 12:45 p.m.

94 +1

1,734 +2

352 +1

dftimewolf by log2timeline

A framework for orchestrating forensic collection, processing and data export

updated at Nov. 15, 2024, 4:23 a.m.

27 +0

296 -1

72 +0