APTSimulator by NextronSystems

A toolset to make a system look as if it was the victim of an APT attack

updated at June 13, 2024, 7:58 a.m.

Batchfile

120 +0

2,397 +2

419 +1

GitHub
margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

updated at June 13, 2024, 5:24 a.m.

Python

17 +0

236 +1

50 +0

GitHub
PowerForensics by Invoke-IR

PowerForensics provides an all-in-one platform for live disk forensic analysis

updated at June 13, 2024, 12:03 a.m.

C#

159 +0

1,369 +2

276 +0

GitHub
EVTX-ATTACK-SAMPLES by sbousseaden

Windows Events Attack Samples

updated at June 12, 2024, 8:26 p.m.

HTML

144 +0

2,155 +8

392 +0

GitHub
security-onion by Security-Onion-Solutions

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

updated at June 12, 2024, 6:24 p.m.

Unknown languages

301 +0

3,055 +0

518 +0

GitHub
RegRipper3.0 by keydet89

RegRipper3.0

updated at June 12, 2024, 4:40 p.m.

Perl

27 +0

502 +1

122 +0

GitHub
metta by uber-common

An information security preparedness tool to do adversarial simulation.

updated at June 12, 2024, 3:35 p.m.

Python

74 +0

1,080 +1

150 +0

GitHub
LiME by 504ensicsLabs

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

updated at June 12, 2024, 3:32 p.m.

C

81 +0

1,654 +2

334 +2

GitHub
acquire by fox-it

acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.

updated at June 12, 2024, 2:59 p.m.

Python

12 +0

78 +0

18 +1

GitHub
AutoTTP by jymcheong

Automated Tactics Techniques & Procedures

updated at June 12, 2024, 11:22 a.m.

Python

24 +0

245 +1

64 +0

GitHub
dftimewolf by log2timeline

A framework for orchestrating forensic collection, processing and data export

updated at June 12, 2024, 12:42 a.m.

Python

25 +0

280 +0

69 +0

GitHub
ir-rescue by diogo-fernan

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

updated at June 11, 2024, 6:33 p.m.

Batchfile

44 +0

454 +1

94 +0

GitHub
catalyst by SecurityBrewery

Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes

updated at June 11, 2024, 10:16 a.m.

Go

5 +0

283 +1

35 +0

GitHub
osxcollector by Yelp

A forensic evidence collection & analysis toolkit for OS X

updated at June 11, 2024, 10:08 a.m.

Python

125 +0

1,862 +1

241 +1

GitHub
LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

updated at June 10, 2024, 11:29 p.m.

Python

136 +0

2,652 +1

441 +1

GitHub
IRM by certsocietegenerale

Incident Response Methodologies 2022

updated at June 9, 2024, 2:51 p.m.

Unknown languages

42 +0

890 +2

137 +0

GitHub
SOC-Multitool by zdhenard42

A powerful and user-friendly browser extension that streamlines investigations for security professionals.

updated at June 9, 2024, 1:47 p.m.

JavaScript

10 +0

313 +1

42 +0

GitHub
CyLR by orlikoski

CyLR - Live Response Collection Tool

updated at June 9, 2024, 10:12 a.m.

C#

32 +0

606 +1

90 +1

GitHub
CimSweep by mattifestation

CimSweep is a suite of CIM/WMI-based tools that enable incident response and hunting operations to be performed remotely across all versions of Windows.

updated at June 9, 2024, 2:44 a.m.

PowerShell

74 +0

636 +0

151 +0

GitHub
morgue by etsy

post mortem tracker

updated at June 8, 2024, 8:52 p.m.

PHP

75 +0

1,014 +0

132 +0

GitHub