LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

created at Nov. 24, 2017, 6:07 a.m.

136 +0

2,735 +6

443 +0

uac by tclahr

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

created at Jan. 8, 2020, 5:19 p.m.

28 +0

797 +3

124 +0

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

created at Oct. 15, 2019, 6:16 p.m.

65 +0

2,011 +14

425 +0

cuckoo by cuckoosandbox

Cuckoo Sandbox is an automated dynamic malware analysis system

created at Sept. 7, 2011, 12:12 p.m.

436 +0

5,564 +7

1,705 +1

scot by sandialabs

Sandia Cyber Omni Tracker (SCOT)

created at Aug. 27, 2014, 8:24 p.m.

37 +0

245 +0

48 +0

RegRipper3.0 by keydet89

RegRipper3.0

created at May 27, 2020, 3:24 p.m.

26 +0

557 +3

126 +3

cutter by rizinorg

Free and Open Source Reverse Engineering Platform powered by rizin

created at Sept. 25, 2017, 9:50 a.m.

305 +0

15,885 +34

1,150 +0

fleet by fleetdm

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)

created at Nov. 3, 2020, 10:17 p.m.

36 +2

3,119 +12

431 +4

sigma by SigmaHQ

Main Sigma Rule Repository

created at Dec. 24, 2016, 9:48 a.m.

346 +1

8,369 +32

2,198 -2

avml by Microsoft

AVML - Acquire Volatile Memory for Linux

created at June 6, 2019, 11:01 p.m.

32 +0

875 +1

76 +0

VolDiff by aim4r

VolDiff: Malware Memory Footprint Analysis based on Volatility

created at April 19, 2015, 12:30 a.m.

28 +0

193 +1

50 +0

gsvsoc_cirt-playbook-battle-cards by guardsight

Cyber Incident Response Team Playbook Battle Cards

created at Oct. 27, 2019, 4:28 a.m.

17 +0

360 +0

67 +1

Aurora-Incident-Response by cyb3rfox

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

created at June 9, 2020, 12:12 p.m.

42 +0

766 +1

81 +0

playbooks by phantomcyber

Phantom Community Playbooks

created at Aug. 31, 2015, 10:35 p.m.

63 +0

472 +0

201 +0

Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

created at March 2, 2021, 11:17 p.m.

25 +0

680 +1

91 +0

APT-Hunter by ahmedkhlief

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

created at Dec. 26, 2020, 9:52 p.m.

47 +0

1,255 +3

239 +1

dfirtrack by dfirtrack

DFIRTrack - The Incident Response Tracking Application

created at Nov. 11, 2018, 10:14 p.m.

25 +0

482 +0

75 +0

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

created at Sept. 5, 2019, 1:02 p.m.

29 +0

681 +2

125 +0

flare-vm by mandiant

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

created at July 5, 2017, 9:17 p.m.

200 +0

6,588 +24

919 +2

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

created at June 16, 2020, 9:24 p.m.

82 +0

4,875 +18

560 +2