streamalert by airbnb

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.

created at Jan. 22, 2017, 1:10 a.m.

101 +0

2,861 +3

332 -1

Shuffle by Shuffle

Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

created at May 7, 2020, 12:28 p.m.

41 +0

1,743 +4

336 +0

LiME by 504ensicsLabs

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

created at Sept. 23, 2014, 4:23 p.m.

81 +0

1,724 +0

340 +1

viper by viper-framework

Binary analysis and management framework

created at Nov. 9, 2013, 6:24 p.m.

148 +0

1,539 +0

350 +0

plaso by log2timeline

Super timeline all the things

created at Sept. 8, 2014, 11:29 p.m.

94 +1

1,734 +2

352 +1

rizin by rizinorg

UNIX-like reverse engineering framework and command-line toolset.

created at Sept. 30, 2020, 9:15 a.m.

47 +0

2,710 +5

363 +2

MemProcFS by ufrisk

MemProcFS

created at Nov. 18, 2018, 6:19 p.m.

85 +1

3,115 +39

380 +5

EVTX-ATTACK-SAMPLES by sbousseaden

Windows Events Attack Samples

created at March 15, 2019, 8:45 a.m.

143 -1

2,248 +3

398 +0

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

created at Oct. 15, 2019, 6:16 p.m.

65 +0

2,011 +14

425 +0

APTSimulator by NextronSystems

A toolset to make a system look as if it was the victim of an APT attack

created at Feb. 3, 2018, 2:19 p.m.

122 +0

2,469 +6

428 +0

fleet by fleetdm

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)

created at Nov. 3, 2020, 10:17 p.m.

36 +2

3,119 +12

431 +4

LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

created at Nov. 24, 2017, 6:07 a.m.

136 +0

2,735 +6

443 +0

volatility3 by volatilityfoundation

Volatility 3.0 development

created at Jan. 26, 2014, 6:09 p.m.

57 +0

2,694 +19

460 +2

velociraptor by Velocidex

Digging Deeper....

created at March 24, 2018, 7:39 a.m.

75 +1

2,980 +11

492 +1

security-onion by Security-Onion-Solutions

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

created at March 24, 2015, 8:15 p.m.

301 +0

3,076 +3

522 +1

DidierStevensSuite by DidierStevens

Please no pull requests for this repository. Thanks!

created at May 8, 2015, 11:21 a.m.

127 +0

2,023 +8

531 +2

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

created at June 16, 2020, 9:24 p.m.

82 +0

4,875 +18

560 +2

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

created at Jan. 18, 2015, 8:39 a.m.

184 +0

3,402 +7

583 +0

timesketch by google

Collaborative forensic timeline analysis

created at June 19, 2014, 5:49 p.m.

137 +0

2,614 +6

589 +0

sysmon-modular by olafhartong

A repository of sysmon configuration modules

created at Jan. 13, 2018, 9:20 p.m.

165 +0

2,664 +6

590 +2