SysmonSearch by JPCERTCC
Investigate suspicious activity by visualizing Sysmon's event log
updated at May 31, 2024, 11:57 a.m. | JavaScript | 43 +0 | 412 +0 | 58 +0 | GitHub

IRTriage by AJMartel
Incident Response Triage - Windows Evidence Collection for Forensic Analysis
updated at May 31, 2024, 10:41 a.m. | AutoIt | 17 +0 | 124 +0 | 26 +0 | GitHub

viper by viper-framework
Binary analysis and management framework
updated at May 31, 2024, 10:41 a.m. | Python | 148 +0 | 1,535 +0 | 353 +0 | GitHub

MozDef by mozilla
DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
updated at May 30, 2024, 4:41 p.m. | Python | 150 +0 | 2,174 +0 | 329 +1 | GitHub

domfind by diogo-fernan
A Python DNS crawler to find identical domain names under different TLDs.
updated at May 30, 2024, 8:42 a.m. | Python | 4 +0 | 21 +0 | 3 +0 | GitHub

Hoarder by muteb
This script is made to collect the most valuable artifacts for forensics or incident response investigation rather than imaging the whole hard drive.
updated at May 29, 2024, 10:36 a.m. | Python | 10 +0 | 189 +0 | 18 +0 | GitHub

security-apis by deralexxx
A collective list of public APIs for use in security. Contributions welcome
updated at May 29, 2024, 7:31 a.m. | Unknown languages | 59 +0 | 847 +0 | 130 +0 | GitHub

Fastir_Collector by SekoiaLab
None
updated at May 27, 2024, 11:52 a.m. | Python | 63 +0 | 504 +0 | 127 +0 | GitHub

inVtero.net by ShaneK2
inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitecture independent Virtual Machine Introspection techniques
updated at May 27, 2024, 11:51 a.m. | C# | 31 +0 | 277 +0 | 57 +0 | GitHub

Skadi by orlikoski
Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
updated at May 27, 2024, 11:50 a.m. | Shell | 38 +1 | 482 +0 | 69 +1 | GitHub

visualize_logs by keithjjones
A Python library and command line tools to provide interactive log visualization.
updated at May 27, 2024, 7:14 a.m. | HTML | 15 +0 | 136 +0 | 36 +0 | GitHub

stenographer by google
Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com
updated at May 24, 2024, 10:23 p.m. | Go | 104 +0 | 1,789 +0 | 234 +0 | GitHub

incident-response-docs by PagerDuty
PagerDuty's Incident Response Documentation.
updated at May 22, 2024, 1:30 p.m. | Dockerfile | 68 +0 | 1,011 +0 | 222 +0 | GitHub

AChoir by OMENScan
Windows Live Artifacts Acquisition Script
updated at May 22, 2024, 5:52 a.m. | C++ | 14 +0 | 177 +0 | 31 +0 | GitHub

cuckoo-modified by spender-sandbox
Modified edition of cuckoo
updated at May 18, 2024, 9:51 a.m. | Python | 72 +0 | 389 +0 | 178 +0 | GitHub

appcompatprocessor by mbevilacqua
"Evolving AppCompat/AmCache data analysis beyond grep"
updated at May 16, 2024, 1:39 p.m. | Python | 17 +0 | 190 +0 | 26 +0 | GitHub

mutablesecurity by MutableSecurity
CLI program for automating the setup, configuration, and use of cybersecurity solutions
updated at May 14, 2024, 9:23 p.m. | Python | 1 +0 | 42 +0 | 7 +0 | GitHub

fileintel by keithjjones
A modular Python application to pull intelligence about malicious files
updated at May 14, 2024, 12:11 p.m. | Python | 17 +0 | 114 +0 | 25 +0 | GitHub

SPECTR3 by alpine-sec
Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.
updated at May 10, 2024, 9:09 a.m. | C# | 4 +0 | 36 +0 | 3 +0 | GitHub

cuckoo-modified-api by keithjjones
A Python library to interface with a cuckoo-modified instance
updated at May 7, 2024, 12:53 p.m. | Python | 6 +0 | 19 +0 | 7 +0 | GitHub