fibratus by rabbitstack

A modern tool for Windows kernel exploration and tracing with a focus on security

updated at June 15, 2024, 5:30 a.m.

Go

71 +0

2,102 +6

184 +0

GitHub
capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

updated at June 15, 2024, 7:34 a.m.

Python

80 -1

3,955 +12

496 +2

GitHub
Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

updated at June 15, 2024, 9:44 a.m.

Python

24 +0

612 +2

84 +0

GitHub
ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

updated at June 15, 2024, 10:20 a.m.

Python

369 +0

3,905 +2

798 +1

GitHub
RedHunt-OS by redhuntlabs

Virtual Machine for Adversary Emulation and Threat Hunting

updated at June 15, 2024, 10:56 a.m.

Unknown languages

84 +0

1,207 +1

185 +1

GitHub
APT-Hunter by ahmedkhlief

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

updated at June 15, 2024, 12:42 p.m.

Python

48 +0

1,185 +2

235 +0

GitHub
spyre by spyre-project

simple YARA-based IOC scanner

updated at June 15, 2024, 4:03 p.m.

Go

12 +0

159 -1

27 +0

GitHub
CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

updated at June 15, 2024, 4:07 p.m.

Python

65 +0

1,741 +10

385 +3

GitHub
timesketch by google

Collaborative forensic timeline analysis

updated at June 15, 2024, 5:18 p.m.

Python

137 +0

2,517 +3

577 +1

GitHub
rizin by rizinorg

UNIX-like reverse engineering framework and command-line toolset.

updated at June 15, 2024, 5:28 p.m.

C

45 +0

2,501 +5

339 +0

GitHub
matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

updated at June 15, 2024, 6:36 p.m.

Rust

21 +0

1,386 +13

94 +2

GitHub
Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

updated at June 15, 2024, 10:23 p.m.

Python

186 +0

3,271 +5

575 +1

GitHub
Fenrir by Neo23x0

Simple Bash IOC Scanner

updated at June 15, 2024, 10:26 p.m.

Shell

39 +0

671 +1

103 +0

GitHub
MemProcFS by ufrisk

MemProcFS

updated at June 15, 2024, 10:30 p.m.

C

78 +0

2,766 +14

342 +3

GitHub
mac_apt by ydkhatri

macOS (& ios) Artifact Parsing Tool

updated at June 15, 2024, 10:37 p.m.

Python

44 +0

730 +4

100 +1

GitHub
flare-vm by mandiant

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

updated at June 15, 2024, 11:11 p.m.

PowerShell

201 +1

6,025 +30

877 -2

GitHub
radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

updated at June 16, 2024, 12:33 a.m.

C

486 +2

19,860 +35

2,951 +2

GitHub
Aurora-Incident-Response by cyb3rfox

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

updated at June 16, 2024, 1:25 a.m.

JavaScript

42 +1

738 +4

78 +0

GitHub
velociraptor by Velocidex

Digging Deeper....

updated at June 16, 2024, 2:06 a.m.

Go

72 -1

2,747 +10

461 +2

GitHub
grr by google

GRR Rapid Response: remote live forensics for incident response

updated at June 16, 2024, 3:54 a.m.

Python

317 +0

4,681 +7

760 +0

GitHub