winreg-kb by libyal

Windows Registry Knowledge Base

created at Sept. 28, 2014, 5:15 a.m.

15 +0

162 +0

20 +0

visualize_logs by keithjjones

A Python library and command line tools to provide interactive log visualization.

created at Oct. 11, 2016, 3:33 p.m.

15 +0

137 +0

30 +0

traceroute-circl by CIRCL

Traceroute improved wrapper for CSIRT and CERT operators

created at Dec. 5, 2010, 3:08 p.m.

16 +0

37 +0

9 +0

PowerSponse by swisscom

PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.

created at Sept. 14, 2017, 9:15 a.m.

16 +0

38 +0

6 +0

IRTriage by AJMartel

Incident Response Triage - Windows Evidence Collection for Forensic Analysis

created at Sept. 4, 2015, 8:51 a.m.

17 +0

130 +0

23 +0

fileintel by keithjjones

A modular Python application to pull intelligence about malicious files

created at Aug. 30, 2016, 5:35 p.m.

17 +0

118 +0

25 +0

gsvsoc_cirt-playbook-battle-cards by guardsight

Cyber Incident Response Team Playbook Battle Cards

created at Oct. 27, 2019, 4:28 a.m.

17 +0

360 +0

67 +1

margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

created at Aug. 9, 2016, 5:39 p.m.

17 +0

242 +1

50 +0

rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

created at May 1, 2018, 6:21 p.m.

17 +0

238 +0

53 +0

appcompatprocessor by mbevilacqua

"Evolving AppCompat/AmCache data analysis beyond grep"

created at April 2, 2017, 6:11 p.m.

17 +0

197 +0

25 +0

mastiff by KoreLogicSecurity

Malware static analysis framework

created at July 15, 2014, 8:23 p.m.

18 +0

174 +0

40 +0

WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

created at May 13, 2021, 10:33 p.m.

18 +0

763 +1

82 +0

CIRTKit by opensourcesec

Tools for the Computer Incident Response Team

created at Oct. 19, 2015, 3:50 p.m.

20 +0

142 +0

25 +0

PowerGRR by swisscom

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

created at July 18, 2017, 1:14 p.m.

21 +0

56 +0

7 +0

dissect by fox-it

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

created at July 21, 2022, 8:26 a.m.

22 +0

924 +3

65 +1

matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

created at July 3, 2022, 1:41 p.m.

22 +0

1,472 +8

100 +0

Fastir_Collector_Linux by SekoiaLab

None

created at Jan. 25, 2016, 2:10 p.m.

23 +0

173 +1

42 +0

AutoTTP by jymcheong

Automated Tactics Techniques & Procedures

created at Sept. 7, 2017, 6:25 a.m.

24 +0

251 +0

64 +0

awesome-event-ids by stuhli

Collection of Event ID ressources useful for Digital Forensics and Incident Response

created at Sept. 22, 2021, 3:36 p.m.

24 +0

586 +2

85 +0

Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

created at March 2, 2021, 11:17 p.m.

25 +0

680 +1

91 +0