Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
updated at June 23, 2024, 2:36 p.m.
Small and highly portable detection tests based on MITRE's ATT&CK.
updated at June 23, 2024, 2:30 p.m.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
updated at June 23, 2024, 1:27 p.m.
Ghidra is a software reverse engineering (SRE) framework
updated at June 23, 2024, 12:38 p.m.
A curated list of awesome forensic analysis tools and resources
updated at June 23, 2024, 11:57 a.m.
Please no pull requests for this repository. Thanks!
updated at June 23, 2024, 11:44 a.m.
Malware Configuration And Payload Extraction
updated at June 23, 2024, 10:17 a.m.
Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
updated at June 23, 2024, 6:44 a.m.
Sysmon configuration file template with default high-quality event tracing
updated at June 23, 2024, 4:15 a.m.
A repository of sysmon configuration modules
updated at June 23, 2024, 4:15 a.m.