hayabusa by Yamato-Security

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

updated at June 23, 2024, 2:36 p.m.

41 -1

2,049 +15

178 +4

atomic-red-team by redcanaryco

Small and highly portable detection tests based on MITRE's ATT&CK.

updated at June 23, 2024, 2:30 p.m.

349 -1

9,293 +24

2,706 +6

flare-vm by mandiant

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

updated at June 23, 2024, 1:42 p.m.

202 +1

6,061 +36

878 +1

LiME by 504ensicsLabs

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

updated at June 23, 2024, 1:27 p.m.

81 +0

1,657 +3

334 +0

ghidra by NationalSecurityAgency

Ghidra is a software reverse engineering (SRE) framework

updated at June 23, 2024, 12:38 p.m.

1,022 -1

48,977 +156

5,633 +5

awesome-forensics by cugu

A curated list of awesome forensic analysis tools and resources

updated at June 23, 2024, 11:57 a.m.

167 +0

3,690 +22

598 +2

cutter by rizinorg

Free and Open Source Reverse Engineering Platform powered by rizin

updated at June 23, 2024, 11:51 a.m.

298 -2

15,288 +27

1,135 +0

DidierStevensSuite by DidierStevens

Please no pull requests for this repository. Thanks!

updated at June 23, 2024, 11:44 a.m.

124 +1

1,885 +6

506 +1

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

updated at June 23, 2024, 10:17 a.m.

65 +0

1,747 +6

385 +0

volatility3 by volatilityfoundation

Volatility 3.0 development

updated at June 23, 2024, 10:08 a.m.

56 -1

2,342 +16

389 +1

security-onion by Security-Onion-Solutions

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

updated at June 23, 2024, 6:44 a.m.

301 +0

3,055 +0

517 -1

rizin by rizinorg

UNIX-like reverse engineering framework and command-line toolset.

updated at June 23, 2024, 6:15 a.m.

45 +0

2,508 +7

341 +2

fleet by fleetdm

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)

updated at June 23, 2024, 4:25 a.m.

30 -1

2,613 +83

373 +3

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

updated at June 23, 2024, 4:16 a.m.

80 +0

3,967 +12

496 +0

sysmon-config by SwiftOnSecurity

Sysmon configuration file template with default high-quality event tracing

updated at June 23, 2024, 4:15 a.m.

357 -1

4,628 +7

1,681 +2

sysmon-modular by olafhartong

A repository of sysmon configuration modules

updated at June 23, 2024, 4:15 a.m.

165 +1

2,543 +5

572 +0

radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

updated at June 23, 2024, 3:42 a.m.

486 +0

19,900 +40

2,951 +0

Fenrir by Neo23x0

Simple Bash IOC Scanner

updated at June 23, 2024, 3:36 a.m.

41 +2

672 +1

103 +0

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

updated at June 23, 2024, 3:34 a.m.

186 +0

3,276 +5

576 +1

caldera by mitre

Automated Adversary Emulation Platform

updated at June 23, 2024, 3:33 a.m.

166 +0

5,306 +14

1,028 -1