caldera by mitre

Automated Adversary Emulation Platform

created at Nov. 29, 2017, 1:25 a.m.

171 +1

5,655 +17

1,074 +2

security-apis by deralexxx

A collective list of public APIs for use in security. Contributions welcome

created at Jan. 9, 2018, 7:58 p.m.

58 +0

889 +3

134 +0

flightsim by alphasoc

A utility to safely generate malicious network traffic patterns and evaluate controls.

created at Jan. 10, 2018, 12:31 p.m.

35 +0

1,260 +3

132 +0

sysmon-modular by olafhartong

A repository of sysmon configuration modules

created at Jan. 13, 2018, 9:20 p.m.

165 +0

2,664 +6

590 +2

Invoke-LiveResponse by mgreen27

Invoke-LiveResponse

created at Jan. 14, 2018, 9:42 a.m.

13 +0

145 +0

29 +0

artifacts-kb by ForensicArtifacts

Digital Forensics Artifacts Knowledge Base

created at Jan. 17, 2018, 7:31 p.m.

7 +0

75 +0

16 +0

APTSimulator by NextronSystems

A toolset to make a system look as if it was the victim of an APT attack

created at Feb. 3, 2018, 2:19 p.m.

122 +0

2,469 +6

428 +0

Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

created at Feb. 8, 2018, 11:30 a.m.

31 +0

435 +0

82 +0

RedHunt-OS by redhuntlabs

Virtual Machine for Adversary Emulation and Threat Hunting

created at March 14, 2018, 7:31 p.m.

84 +0

1,247 +0

193 +0

RTA by endgameinc

None

created at March 19, 2018, 7:59 p.m.

96 +0

1,050 +1

212 +0

velociraptor by Velocidex

Digging Deeper....

created at March 24, 2018, 7:39 a.m.

75 +1

2,980 +11

492 +1

rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

created at May 1, 2018, 6:21 p.m.

17 +0

238 +0

53 +0

diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

created at May 1, 2018, 10:11 p.m.

144 -1

635 +1

59 +0

pyarascanner by nogoodconfig

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

created at May 3, 2018, 11:49 a.m.

3 +0

26 +0

4 +0

spyre by spyre-project

simple YARA-based IOC scanner

created at May 28, 2018, 7:07 p.m.

12 +0

164 +0

27 +0

SysmonSearch by JPCERTCC

Investigate suspicious activity by visualizing Sysmon's event log

created at July 31, 2018, 11:25 p.m.

43 +0

417 +0

58 +0

dfirtrack by dfirtrack

DFIRTrack - The Incident Response Tracking Application

created at Nov. 11, 2018, 10:14 p.m.

25 +0

482 +0

75 +0

MemProcFS by ufrisk

MemProcFS

created at Nov. 18, 2018, 6:19 p.m.

85 +1

3,115 +39

380 +5

Hoarder by muteb

This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole har drive.

created at Dec. 22, 2018, 8:23 p.m.

10 +0

193 +1

19 +0

ghidra by NationalSecurityAgency

Ghidra is a software reverse engineering (SRE) framework

created at March 1, 2019, 3:27 a.m.

1,037 +4

51,864 +241

5,893 +20