fibratus by rabbitstack

A modern tool for Windows kernel exploration and tracing with a focus on security

updated at June 15, 2024, 5:30 a.m.

71 +0

2,102 +6

184 +0

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

updated at June 15, 2024, 7:34 a.m.

80 -1

3,955 +12

496 +2

Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

updated at June 15, 2024, 9:44 a.m.

24 +0

612 +2

84 +0

ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

updated at June 15, 2024, 10:20 a.m.

369 +0

3,905 +2

798 +1

RedHunt-OS by redhuntlabs

Virtual Machine for Adversary Emulation and Threat Hunting

updated at June 15, 2024, 10:56 a.m.

84 +0

1,207 +1

185 +1

APT-Hunter by ahmedkhlief

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

updated at June 15, 2024, 12:42 p.m.

48 +0

1,185 +2

235 +0

spyre by spyre-project

simple YARA-based IOC scanner

updated at June 15, 2024, 4:03 p.m.

12 +0

159 -1

27 +0

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

updated at June 15, 2024, 4:07 p.m.

65 +0

1,741 +10

385 +3

timesketch by google

Collaborative forensic timeline analysis

updated at June 15, 2024, 5:18 p.m.

137 +0

2,517 +3

577 +1

rizin by rizinorg

UNIX-like reverse engineering framework and command-line toolset.

updated at June 15, 2024, 5:28 p.m.

45 +0

2,501 +5

339 +0

matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

updated at June 15, 2024, 6:36 p.m.

21 +0

1,386 +13

94 +2

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

updated at June 15, 2024, 10:23 p.m.

186 +0

3,271 +5

575 +1

Fenrir by Neo23x0

Simple Bash IOC Scanner

updated at June 15, 2024, 10:26 p.m.

39 +0

671 +1

103 +0

MemProcFS by ufrisk

MemProcFS

updated at June 15, 2024, 10:30 p.m.

78 +0

2,766 +14

342 +3

mac_apt by ydkhatri

macOS (& ios) Artifact Parsing Tool

updated at June 15, 2024, 10:37 p.m.

44 +0

730 +4

100 +1

flare-vm by mandiant

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

updated at June 15, 2024, 11:11 p.m.

201 +1

6,025 +30

877 -2

radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

updated at June 16, 2024, 12:33 a.m.

486 +2

19,860 +35

2,951 +2

Aurora-Incident-Response by cyb3rfox

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

updated at June 16, 2024, 1:25 a.m.

42 +1

738 +4

78 +0

velociraptor by Velocidex

Digging Deeper....

updated at June 16, 2024, 2:06 a.m.

72 -1

2,747 +10

461 +2

grr by google

GRR Rapid Response: remote live forensics for incident response

updated at June 16, 2024, 3:54 a.m.

317 +0

4,681 +7

760 +0