Windows Events Attack Samples
updated at Nov. 17, 2024, 1:41 a.m.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
updated at Nov. 17, 2024, 1:36 a.m.
This is the development tree. Production downloads are at:
updated at Nov. 17, 2024, 12:02 a.m.
CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.
updated at Nov. 16, 2024, 11:05 p.m.
Web browser forensics for Google Chrome/Chromium
updated at Nov. 16, 2024, 10:13 p.m.
🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
updated at Nov. 16, 2024, 10:08 p.m.
A toolset to make a system look as if it was the victim of an APT attack
updated at Nov. 16, 2024, 9:46 p.m.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
updated at Nov. 16, 2024, 6:08 p.m.
Volatility plugin for extracts configuration data of known malware
updated at Nov. 16, 2024, 4:34 p.m.
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
updated at Nov. 16, 2024, 3:22 p.m.
Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.
updated at Nov. 16, 2024, 2:52 p.m.
Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com
updated at Nov. 16, 2024, 8:38 a.m.
Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
updated at Nov. 16, 2024, 8:33 a.m.