atomic-red-team by redcanaryco

Small and highly portable detection tests based on MITRE's ATT&CK.

updated at May 25, 2024, 5:37 p.m.

347 +0

9,169 +33

2,682 +4

HELK by Cyb3rWard0g

The Hunting ELK

updated at May 25, 2024, 4:18 p.m.

215 -1

3,710 +5

673 +0

rizin by rizinorg

UNIX-like reverse engineering framework and command-line toolset.

updated at May 25, 2024, 4:16 p.m.

45 +0

2,474 +7

327 -3

awesome-event-ids by stuhli

Collection of Event ID ressources useful for Digital Forensics and Incident Response

updated at May 25, 2024, 3:37 p.m.

24 +0

549 +2

82 +0

zentral by zentralopensource

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

updated at May 25, 2024, 3:27 p.m.

31 +0

722 +0

83 +0

chainsaw by WithSecureLabs

Rapidly Search and Hunt through Windows Forensic Artefacts

updated at May 25, 2024, 2:50 p.m.

50 +0

2,574 +6

230 +2

sigma by SigmaHQ

Main Sigma Rule Repository

updated at May 25, 2024, 2:43 p.m.

328 +1

7,723 +23

2,103 +0

Fenrir by Neo23x0

Simple Bash IOC Scanner

updated at May 25, 2024, 2:38 p.m.

39 +0

664 +1

103 +0

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

updated at May 25, 2024, 2:35 p.m.

187 +0

3,254 +0

574 -1

sysmon-config by SwiftOnSecurity

Sysmon configuration file template with default high-quality event tracing

updated at May 25, 2024, 12:07 p.m.

357 +0

4,601 +7

1,674 +3

iris-web by dfir-iris

Collaborative Incident Response platform

updated at May 25, 2024, 11:26 a.m.

26 +0

953 +8

146 +2

velociraptor by Velocidex

Digging Deeper....

updated at May 25, 2024, 8:20 a.m.

72 +2

2,716 +13

454 +2

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

updated at May 25, 2024, 7:43 a.m.

65 +1

1,707 +5

381 +0

caldera by mitre

Automated Adversary Emulation Platform

updated at May 25, 2024, 3:12 a.m.

166 +0

5,241 +17

1,018 +3

bulk_extractor by simsong

This is the development tree. Production downloads are at:

updated at May 25, 2024, 12:15 a.m.

74 +0

1,021 +2

181 +0

stenographer by google

Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com

updated at May 24, 2024, 10:23 p.m.

104 +0

1,789 +1

233 +1

artifacts by ForensicArtifacts

Digital Forensics artifact repository

updated at May 24, 2024, 7:53 p.m.

73 +0

994 +3

203 -1

metta by uber-common

An information security preparedness tool to do adversarial simulation.

updated at May 24, 2024, 6:38 p.m.

74 +0

1,077 +3

150 -1

flightsim by alphasoc

A utility to safely generate malicious network traffic patterns and evaluate controls.

updated at May 24, 2024, 6:08 p.m.

35 +0

1,195 +3

128 +0

sysmon-modular by olafhartong

A repository of sysmon configuration modules

updated at May 24, 2024, 5:46 p.m.

164 +0

2,504 +2

568 +0