RTA by endgameinc

None

updated at Nov. 14, 2024, 8:50 a.m.

96 +0

1,050 +1

212 +0

DumpsterFire by TryCatchHCF

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

updated at Nov. 14, 2024, 8:49 a.m.

50 +0

996 +2

146 +0

Fastir_Collector_Linux by SekoiaLab

None

updated at Nov. 14, 2024, 7:44 a.m.

23 +0

173 +1

42 +0

incident-response-docs by PagerDuty

PagerDuty's Incident Response Documentation.

updated at Nov. 14, 2024, 7:18 a.m.

68 +0

1,022 +1

224 -1

APT-Hunter by ahmedkhlief

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

updated at Nov. 14, 2024, 4 a.m.

47 +0

1,255 +3

239 +1

margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

updated at Nov. 14, 2024, 3:59 a.m.

17 +0

242 +1

50 +0

avml by Microsoft

AVML - Acquire Volatile Memory for Linux

updated at Nov. 14, 2024, 12:13 a.m.

32 +0

875 +1

76 +0

uac by tclahr

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

updated at Nov. 13, 2024, 11:23 p.m.

28 +0

797 +3

124 +0

CyLR by orlikoski

CyLR - Live Response Collection Tool

updated at Nov. 13, 2024, 10:07 p.m.

32 +0

645 +3

88 -1

IRM by certsocietegenerale

Incident Response Methodologies 2022

updated at Nov. 13, 2024, 7:25 p.m.

44 +0

978 +4

160 +1

PowerForensics by Invoke-IR

PowerForensics provides an all in one platform for live disk forensic analysis

updated at Nov. 13, 2024, 4:27 p.m.

158 +0

1,385 -1

274 +0

playbooks by phantomcyber

Phantom Community Playbooks

updated at Nov. 13, 2024, 2:37 p.m.

63 +0

472 +0

201 +0

streamalert by airbnb

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.

updated at Nov. 13, 2024, 1:36 p.m.

101 +0

2,861 +3

332 -1

WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

updated at Nov. 13, 2024, 1:35 p.m.

18 +0

763 +1

82 +0

munin by Neo23x0

Online hash checker for Virustotal and other services

updated at Nov. 13, 2024, 3:35 a.m.

42 +0

809 +1

147 +1

Kuiper by DFIRKuiper

Digital Forensics Investigation Platform

updated at Nov. 12, 2024, 6:53 p.m.

34 +0

769 +1

111 +0

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

updated at Nov. 12, 2024, 1:17 p.m.

29 +0

681 +2

125 +0

Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

updated at Nov. 12, 2024, 12:50 p.m.

25 +0

680 +1

91 +0

diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

updated at Nov. 11, 2024, 10:34 p.m.

144 -1

635 +1

59 +0

Fastir_Collector by SekoiaLab

None

updated at Nov. 11, 2024, 10 p.m.

63 +0

506 +1

126 +0