EVTX-ATTACK-SAMPLES by sbousseaden

Windows Events Attack Samples

created at March 15, 2019, 8:45 a.m.

143 -1

2,248 +3

398 +0

MalConfScan by JPCERTCC

Volatility plugin for extracts configuration data of known malware

created at April 22, 2019, 12:23 a.m.

36 +0

485 +2

67 +0

avml by Microsoft

AVML - Acquire Volatile Memory for Linux

created at June 6, 2019, 11:01 p.m.

32 +0

875 +1

76 +0

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

created at Sept. 5, 2019, 1:02 p.m.

29 +0

681 +2

125 +0

dfir-orc by DFIR-ORC

Forensics artefact collection tool for systems running Microsoft Windows

created at Sept. 20, 2019, 9:30 a.m.

26 -1

387 +1

42 +0

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

created at Oct. 15, 2019, 6:16 p.m.

65 +0

2,011 +14

425 +0

gsvsoc_cirt-playbook-battle-cards by guardsight

Cyber Incident Response Team Playbook Battle Cards

created at Oct. 27, 2019, 4:28 a.m.

17 +0

360 +0

67 +1

Kuiper by DFIRKuiper

Digital Forensics Investigation Platform

created at Nov. 1, 2019, 4:45 a.m.

34 +0

769 +1

111 +0

artifactcollector by forensicanalysis

🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

created at Jan. 3, 2020, 3:16 p.m.

8 +0

270 +2

21 +0

uac by tclahr

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

created at Jan. 8, 2020, 5:19 p.m.

28 +0

797 +3

124 +0

Shuffle by Shuffle

Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

created at May 7, 2020, 12:28 p.m.

41 +0

1,743 +4

336 +0

orochi by LDO-CERT

The Volatility Collaborative GUI

created at May 18, 2020, 2:01 p.m.

11 +0

225 +2

19 +0

RegRipper3.0 by keydet89

RegRipper3.0

created at May 27, 2020, 3:24 p.m.

26 +0

557 +3

126 +3

Aurora-Incident-Response by cyb3rfox

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

created at June 9, 2020, 12:12 p.m.

42 +0

766 +1

81 +0

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

created at June 16, 2020, 9:24 p.m.

82 +0

4,875 +18

560 +2

hayabusa by Yamato-Security

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

created at Sept. 18, 2020, 5:04 a.m.

42 +1

2,305 +15

203 +0

rizin by rizinorg

UNIX-like reverse engineering framework and command-line toolset.

created at Sept. 30, 2020, 9:15 a.m.

47 +0

2,710 +5

363 +2

Raccine by Neo23x0

A Simple Ransomware Vaccine

created at Oct. 3, 2020, 11:30 a.m.

43 +0

944 +0

122 +0

fleet by fleetdm

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)

created at Nov. 3, 2020, 10:17 p.m.

36 +2

3,119 +12

431 +4

MFT_Browser by kacos2000

$MFT directory tree reconstruction & FILE record info

created at Dec. 26, 2020, 2:28 a.m.

13 +0

292 +0

32 +0