margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

created at Aug. 9, 2016, 5:39 p.m.

17 +0

242 +1

50 +0

pyarascanner by nogoodconfig

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

created at May 3, 2018, 11:49 a.m.

3 +0

26 +0

4 +0

streamalert by airbnb

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.

created at Jan. 22, 2017, 1:10 a.m.

101 +0

2,861 +3

332 -1

SysmonSearch by JPCERTCC

Investigate suspicious activity by visualizing Sysmon's event log

created at July 31, 2018, 11:25 p.m.

43 +0

417 +0

58 +0

ghidra by NationalSecurityAgency

Ghidra is a software reverse engineering (SRE) framework

created at March 1, 2019, 3:27 a.m.

1,037 +4

51,864 +241

5,893 +20

rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

created at May 1, 2018, 6:21 p.m.

17 +0

238 +0

53 +0

threat_note by DefensePointSecurity

DPS' Lightweight Investigation Notebook

created at Aug. 24, 2015, 2:53 p.m.

57 +0

423 +0

97 +0

Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

created at Feb. 8, 2018, 11:30 a.m.

31 +0

435 +0

82 +0

radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

created at July 3, 2012, 7:42 a.m.

488 +1

20,710 +33

3,006 +3

dfir-orc by DFIR-ORC

Forensics artefact collection tool for systems running Microsoft Windows

created at Sept. 20, 2019, 9:30 a.m.

26 -1

387 +1

42 +0

MalConfScan by JPCERTCC

Volatility plugin for extracts configuration data of known malware

created at April 22, 2019, 12:23 a.m.

36 +0

485 +2

67 +0

PowerSponse by swisscom

PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.

created at Sept. 14, 2017, 9:15 a.m.

16 +0

38 +0

6 +0

IRTriage by AJMartel

Incident Response Triage - Windows Evidence Collection for Forensic Analysis

created at Sept. 4, 2015, 8:51 a.m.

17 +0

130 +0

23 +0

CyLR by orlikoski

CyLR - Live Response Collection Tool

created at Sept. 6, 2016, 10:14 p.m.

32 +0

645 +3

88 -1

security-apis by deralexxx

A collective list of public APIs for use in security. Contributions welcome

created at Jan. 9, 2018, 7:58 p.m.

58 +0

889 +3

134 +0

munin by Neo23x0

Online hash checker for Virustotal and other services

created at Oct. 9, 2017, 11:04 a.m.

42 +0

809 +1

147 +1

Invoke-LiveResponse by mgreen27

Invoke-LiveResponse

created at Jan. 14, 2018, 9:42 a.m.

13 +0

145 +0

29 +0

appcompatprocessor by mbevilacqua

"Evolving AppCompat/AmCache data analysis beyond grep"

created at April 2, 2017, 6:11 p.m.

17 +0

197 +0

25 +0

artifactcollector by forensicanalysis

🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

created at Jan. 3, 2020, 3:16 p.m.

8 +0

270 +2

21 +0

PowerGRR by swisscom

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

created at July 18, 2017, 1:14 p.m.

21 +0

56 +0

7 +0