A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
updated at June 3, 2024, 2:38 p.m.
A machine learning tool that ranks strings based on their relevance for malware analysis.
updated at June 4, 2024, 4:21 p.m.
Volatility plugin that extracts configuration data of known malware
updated at June 5, 2024, 8:44 p.m.
DPS' Lightweight Investigation Notebook
updated at June 5, 2024, 9:53 p.m.
$MFT directory tree reconstruction & FILE record info
updated at June 6, 2024, 8:43 p.m.
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
updated at June 7, 2024, 4:15 a.m.
Collection of Event ID resources useful for Digital Forensics and Incident Response
updated at June 7, 2024, 6:52 a.m.
CimSweep is a suite of CIM/WMI-based tools that enable incident response and hunting operations to be performed remotely across all versions of Windows.
updated at June 9, 2024, 2:44 a.m.
A powerful and user-friendly browser extension that streamlines investigations for security professionals.
updated at June 9, 2024, 1:47 p.m.