Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.

updated at June 3, 2024, 2:38 p.m.

PowerShell

31 +0

427 +0

84 +0

GitHub
munin by Neo23x0

Online hash checker for Virustotal and other services

updated at June 3, 2024, 3:58 p.m.

Python

42 +0

801 +0

149 +1

GitHub
orochi by LDO-CERT

The Volatility Collaborative GUI

updated at June 4, 2024, 11:18 a.m.

JavaScript

12 +0

206 +0

19 +0

GitHub
stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

updated at June 4, 2024, 4:21 p.m.

Python

30 +0

653 +0

125 +1

GitHub
RTA by endgameinc


updated at June 5, 2024, 2:32 p.m.

Python

97 +0

1,040 +0

213 +0

GitHub
MalConfScan by JPCERTCC

Volatility plugin that extracts configuration data from known malware

updated at June 5, 2024, 8:44 p.m.

Python

36 +0

475 +0

68 +0

GitHub
winreg-kb by libyal

Windows Registry Knowledge Base

updated at June 5, 2024, 9:21 p.m.

Python

16 +0

152 +0

19 -1

GitHub
threat_note by DefensePointSecurity

DPS' Lightweight Investigation Notebook

updated at June 5, 2024, 9:53 p.m.

HTML

57 +0

423 +0

97 +0

GitHub
sqhunter by 0x4D31

A simple threat hunting tool based on osquery, Salt Open and Cymon API

updated at June 5, 2024, 10:28 p.m.

Python

12 +0

66 +0

15 +0

GitHub
MFT_Browser by kacos2000

$MFT directory tree reconstruction & FILE record info

updated at June 6, 2024, 8:43 p.m.

PowerShell

13 +0

281 +0

31 +1

GitHub
DumpsterFire by TryCatchHCF

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

updated at June 7, 2024, 4:15 a.m.

Python

50 +0

973 +0

148 +0

GitHub
awesome-event-ids by stuhli

Collection of Event ID resources useful for Digital Forensics and Incident Response

updated at June 7, 2024, 6:52 a.m.

Unknown languages

24 +0

552 +0

83 +0

GitHub
CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast, easy-to-use forensic artifact parsing tool that works on disk images, mounted drives, and extracted artifacts from Windows, Linux, macOS, and Android devices

updated at June 7, 2024, 2:26 p.m.

Python

30 +0

329 +0

51 +0

GitHub
rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

updated at June 8, 2024, 12:38 a.m.

Python

18 +0

235 +0

53 +0

GitHub
Invoke-LiveResponse by mgreen27

Invoke-LiveResponse

updated at June 8, 2024, 6:55 a.m.

PowerShell

13 +0

145 +0

29 +0

GitHub
morgue by etsy

post mortem tracker

updated at June 8, 2024, 8:52 p.m.

PHP

75 +0

1,014 +0

132 +0

GitHub
CimSweep by mattifestation

CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.

updated at June 9, 2024, 2:44 a.m.

PowerShell

74 +0

636 +0

151 +0

GitHub
CyLR by orlikoski

CyLR - Live Response Collection Tool

updated at June 9, 2024, 10:12 a.m.

C#

32 +0

606 +1

90 +1

GitHub
SOC-Multitool by zdhenard42

A powerful and user-friendly browser extension that streamlines investigations for security professionals.

updated at June 9, 2024, 1:47 p.m.

JavaScript

10 +0

313 +1

42 +0

GitHub
IRM by certsocietegenerale

Incident Response Methodologies 2022

updated at June 9, 2024, 2:51 p.m.

Unknown languages

42 +0

890 +2

137 +0

GitHub