LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

updated at Nov. 16, 2024, 7:41 a.m.

Python

136 +0

2,735 +6

443 +0

GitHub
Hoarder by muteb

This script is made to collect the most valuable artifacts for forensics or incident response investigation rather than imaging the whole hard drive.

updated at Nov. 16, 2024, 7:32 a.m.

Python

10 +0

193 +1

19 +0

GitHub
VolDiff by aim4r

VolDiff: Malware Memory Footprint Analysis based on Volatility

updated at Nov. 16, 2024, 7:18 a.m.

Python

28 +0

193 +1

50 +0

GitHub
orochi by LDO-CERT

The Volatility Collaborative GUI

updated at Nov. 16, 2024, 7:18 a.m.

JavaScript

11 +0

225 +2

19 +0

GitHub
inVtero.net by ShaneK2

inVtero.net: A high-speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitecture-independent Virtual Machine Introspection techniques

updated at Nov. 16, 2024, 7:14 a.m.

C#

30 +0

279 +1

57 +0

GitHub
fibratus by rabbitstack

Adversary tradecraft detection, protection, and hunting

updated at Nov. 16, 2024, 6:59 a.m.

Go

70 +0

2,210 +0

190 +0

GitHub
grr by google

GRR Rapid Response: remote live forensics for incident response

updated at Nov. 16, 2024, 4:08 a.m.

Python

316 +1

4,783 +9

763 +2

GitHub
catalyst by SecurityBrewery

⚡️ Catalyst is a self-hosted, open source incident response platform and ticket system that helps to automate alert handling and incident response processes

updated at Nov. 16, 2024, 3:51 a.m.

Vue

7 +0

350 +4

37 +0

GitHub
Fenrir by Neo23x0

Simple Bash IOC Scanner

updated at Nov. 16, 2024, 2:17 a.m.

Shell

41 +0

697 +3

103 +0

GitHub
Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

updated at Nov. 16, 2024, 2:16 a.m.

Python

184 +0

3,402 +7

583 +0

GitHub
mac_apt by ydkhatri

macOS (& iOS) Artifact Parsing Tool

updated at Nov. 15, 2024, 11:47 p.m.

Python

44 +0

782 +2

102 +2

GitHub
matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

updated at Nov. 15, 2024, 9:32 p.m.

Rust

22 +0

1,472 +8

100 +0

GitHub
Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.

updated at Nov. 15, 2024, 5:06 p.m.

PowerShell

31 +0

435 +0

82 +0

GitHub
Aurora-Incident-Response by cyb3rfox

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

updated at Nov. 15, 2024, 4:46 p.m.

JavaScript

42 +0

766 +1

81 +0

GitHub
timesketch by google

Collaborative forensic timeline analysis

updated at Nov. 15, 2024, 1:11 p.m.

Python

137 +0

2,614 +6

589 +0

GitHub
plaso by log2timeline

Super timeline all the things

updated at Nov. 15, 2024, 12:45 p.m.

Python

94 +1

1,734 +2

352 +1

GitHub
dissect by fox-it

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

updated at Nov. 15, 2024, 10:36 a.m.

Unknown languages

22 +0

924 +3

65 +1

GitHub
dftimewolf by log2timeline

A framework for orchestrating forensic collection, processing and data export

updated at Nov. 15, 2024, 4:23 a.m.

Python

27 +0

296 -1

72 +0

GitHub
metta by uber-common

An information security preparedness tool to do adversarial simulation.

updated at Nov. 14, 2024, 1:53 p.m.

Python

75 +0

1,101 +3

151 +0

GitHub
flightsim by alphasoc

A utility to safely generate malicious network traffic patterns and evaluate controls.

updated at Nov. 14, 2024, 10:47 a.m.

Go

35 +0

1,260 +3

132 +0

GitHub