DidierStevensSuite by DidierStevens

Please no pull requests for this repository. Thanks!

created at May 8, 2015, 11:21 a.m.

122 +0

1,858 +11

503 +1

osxcollector by Yelp

A forensic evidence collection & analysis toolkit for OS X

created at Aug. 4, 2014, 6:25 p.m.

125 +0

1,861 +1

240 +0

hayabusa by Yamato-Security

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

created at Sept. 18, 2020, 5:04 a.m.

42 +0

1,992 +9

170 +0

fibratus by rabbitstack

A modern tool for Windows kernel exploration and tracing with a focus on security

created at March 25, 2016, 11:28 a.m.

71 -1

2,093 +6

183 +0

EVTX-ATTACK-SAMPLES by sbousseaden

Windows Events Attack Samples

created at March 15, 2019, 8:45 a.m.

144 +0

2,138 +1

392 +0

MozDef by mozilla

DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

created at Feb. 18, 2014, 7:43 a.m.

149 +0

2,175 +1

329 +0

fleet by fleetdm

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)

created at Nov. 3, 2020, 10:17 p.m.

31 -1

2,204 +13

359 +5

volatility3 by volatilityfoundation

Volatility 3.0 development

created at Jan. 26, 2014, 6:09 p.m.

55 +0

2,270 +18

373 +2

APTSimulator by NextronSystems

A toolset to make a system look as if it was the victim of an APT attack

created at Feb. 3, 2018, 2:19 p.m.

120 +0

2,391 +7

416 +0

rizin by rizinorg

UNIX-like reverse engineering framework and command-line toolset.

created at Sept. 30, 2020, 9:15 a.m.

45 +0

2,474 +7

327 -3

sysmon-modular by olafhartong

A repository of sysmon configuration modules

created at Jan. 13, 2018, 9:20 p.m.

164 +0

2,504 +2

568 +0

timesketch by google

Collaborative forensic timeline analysis

created at June 19, 2014, 5:49 p.m.

138 +0

2,507 +5

573 +3

chainsaw by WithSecureLabs

Rapidly Search and Hunt through Windows Forensic Artefacts

created at Aug. 13, 2021, 1:07 p.m.

50 +0

2,574 +6

230 +2

LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

created at Nov. 24, 2017, 6:07 a.m.

136 +0

2,642 +7

440 -1

MemProcFS by ufrisk

MemProcFS

created at Nov. 18, 2018, 6:19 p.m.

78 +1

2,706 +19

334 +2

velociraptor by Velocidex

Digging Deeper....

created at March 24, 2018, 7:39 a.m.

72 +2

2,716 +13

454 +2

streamalert by airbnb

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.

created at Jan. 22, 2017, 1:10 a.m.

101 +0

2,825 +0

334 +0

security-onion by Security-Onion-Solutions

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

created at March 24, 2015, 8:15 p.m.

302 +0

3,056 +0

518 +0

OSXAuditor by jipegit

OS X Auditor is a free Mac OS X computer forensics tool

created at June 19, 2013, 5:26 p.m.

183 +0

3,130 +0

283 +0

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

created at Jan. 18, 2015, 8:39 a.m.

187 +0

3,254 +0

574 -1