Aurora-Incident-Response by cyb3rfox

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

updated at Nov. 15, 2024, 4:46 p.m.

JavaScript

42 +0

766 +1

81 +0

GitHub
Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.

updated at Nov. 15, 2024, 5:06 p.m.

PowerShell

31 +0

435 +0

82 +0

GitHub
matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

updated at Nov. 15, 2024, 9:32 p.m.

Rust

22 +0

1,472 +8

100 +0

GitHub
mac_apt by ydkhatri

macOS (& iOS) Artifact Parsing Tool

updated at Nov. 15, 2024, 11:47 p.m.

Python

44 +0

782 +2

102 +2

GitHub
Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

updated at Nov. 16, 2024, 2:16 a.m.

Python

184 +0

3,402 +7

583 +0

GitHub
Fenrir by Neo23x0

Simple Bash IOC Scanner

updated at Nov. 16, 2024, 2:17 a.m.

Shell

41 +0

697 +3

103 +0

GitHub
catalyst by SecurityBrewery

⚡️ Catalyst is a self-hosted, open source incident response platform and ticket system that helps to automate alert handling and incident response processes

updated at Nov. 16, 2024, 3:51 a.m.

Vue

7 +0

350 +4

37 +0

GitHub
grr by google

GRR Rapid Response: remote live forensics for incident response

updated at Nov. 16, 2024, 4:08 a.m.

Python

316 +1

4,783 +9

763 +2

GitHub
fibratus by rabbitstack

Adversary tradecraft detection, protection, and hunting

updated at Nov. 16, 2024, 6:59 a.m.

Go

70 +0

2,210 +0

190 +0

GitHub
inVtero.net by ShaneK2

inVtero.net: A high-speed (Gbps) forensics, memory integrity & assurance tool. Includes offensive & defensive memory capabilities. Find/extract processes and hypervisors (including nested) in memory dumps using microarchitecture-independent Virtual Machine Introspection techniques

updated at Nov. 16, 2024, 7:14 a.m.

C#

30 +0

279 +1

57 +0

GitHub
orochi by LDO-CERT

The Volatility Collaborative GUI

updated at Nov. 16, 2024, 7:18 a.m.

JavaScript

11 +0

225 +2

19 +0

GitHub
VolDiff by aim4r

VolDiff: Malware Memory Footprint Analysis based on Volatility

updated at Nov. 16, 2024, 7:18 a.m.

Python

28 +0

193 +1

50 +0

GitHub
Hoarder by muteb

This script is made to collect the most valuable artifacts for forensics or incident response investigation rather than imaging the whole hard drive.

updated at Nov. 16, 2024, 7:32 a.m.

Python

10 +0

193 +1

19 +0

GitHub
LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

updated at Nov. 16, 2024, 7:41 a.m.

Python

136 +0

2,735 +6

443 +0

GitHub
security-onion by Security-Onion-Solutions

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

updated at Nov. 16, 2024, 8:33 a.m.

Unknown languages

301 +0

3,076 +3

522 +1

GitHub
stenographer by google

Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com

updated at Nov. 16, 2024, 8:38 a.m.

Go

101 +0

1,790 +2

238 +0

GitHub
zentral by zentralopensource

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

updated at Nov. 16, 2024, 2:52 p.m.

Python

32 +0

752 +1

82 +0

GitHub
ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

updated at Nov. 16, 2024, 3:22 p.m.

Python

372 +0

4,023 +5

807 -1

GitHub
sigma by SigmaHQ

Main Sigma Rule Repository

updated at Nov. 16, 2024, 4:32 p.m.

Python

346 +1

8,369 +32

2,198 -2

GitHub
MalConfScan by JPCERTCC

Volatility plugin for extracting configuration data of known malware

updated at Nov. 16, 2024, 4:34 p.m.

Python

36 +0

485 +2

67 +0

GitHub