zentral by zentralopensource

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

created at Oct. 20, 2015, 2:03 p.m.

32 +0

752 +1

82 +0

nightHawkResponse by biggiesmallsAG

Incident Response Forensic Framework

created at July 6, 2016, 11:02 a.m.

82 +0

598 +0

125 +0

MozDef by mozilla

DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

created at Feb. 18, 2014, 7:43 a.m.

151 +0

2,168 +0

328 +0

grr by google

GRR Rapid Response: remote live forensics for incident response

created at Dec. 4, 2013, 12:17 a.m.

316 +1

4,783 +9

763 +2

falcon-orchestrator by CrowdStrike

CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities

created at April 22, 2016, 1:25 a.m.

35 +0

186 +0

54 +0

doorman by mwielgoszewski

an osquery fleet manager

created at April 22, 2016, 7:31 p.m.

33 +0

621 +1

90 +0

Skadi by orlikoski

Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux

created at Oct. 25, 2016, 2:57 p.m.

38 +0

491 +0

70 +0

CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

created at Jan. 14, 2016, 4:48 p.m.

30 +0

334 +0

50 +0

CIRTKit by opensourcesec

Tools for the Computer Incident Response Team

created at Oct. 19, 2015, 3:50 p.m.

20 +0

142 +0

25 +0

awesome-forensics by cugu

⭐️ A curated list of awesome forensic analysis tools and resources

created at March 29, 2016, 8:54 p.m.

174 +0

3,995 +15

623 +0

atomic-red-team by redcanaryco

Small and highly portable detection tests based on MITRE's ATT&CK.

created at Oct. 11, 2017, 5:23 p.m.

352 -1

9,789 +25

2,803 +2

caldera by mitre

Automated Adversary Emulation Platform

created at Nov. 29, 2017, 1:25 a.m.

171 +1

5,655 +17

1,074 +2

APTSimulator by NextronSystems

A toolset to make a system look as if it was the victim of an APT attack

created at Feb. 3, 2018, 2:19 p.m.

122 +0

2,469 +6

428 +0

metta by uber-common

An information security preparedness tool to do adversarial simulation.

created at Nov. 1, 2017, 9:24 p.m.

75 +0

1,101 +3

151 +0

flightsim by alphasoc

A utility to safely generate malicious network traffic patterns and evaluate controls.

created at Jan. 10, 2018, 12:31 p.m.

35 +0

1,260 +3

132 +0

RTA by endgameinc

None

created at March 19, 2018, 7:59 p.m.

96 +0

1,050 +1

212 +0

AutoTTP by jymcheong

Automated Tactics Techniques & Procedures

created at Sept. 7, 2017, 6:25 a.m.

24 +0

251 +0

64 +0

RedHunt-OS by redhuntlabs

Virtual Machine for Adversary Emulation and Threat Hunting

created at March 14, 2018, 7:31 p.m.

84 +0

1,247 +0

193 +0

diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

created at May 1, 2018, 10:11 p.m.

144 -1

635 +1

59 +0

fibratus by rabbitstack

Adversary tradecraft detection, protection, and hunting

created at March 25, 2016, 11:28 a.m.

70 +0

2,210 +0

190 +0