A simple many-rules to many-files YARA scanner for incident response or malware zoos.
created at May 3, 2018, 11:49 a.m.
(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
created at May 1, 2018, 10:11 p.m.
Virtual Machine for Adversary Emulation and Threat Hunting
created at March 14, 2018, 7:31 p.m.
A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
created at Feb. 8, 2018, 11:30 a.m.
A toolset to make a system look as if it was the victim of an APT attack
created at Feb. 3, 2018, 2:19 p.m.
Digital Forensics Artifacts Knowledge Base
created at Jan. 17, 2018, 7:31 p.m.
A repository of sysmon configuration modules
created at Jan. 13, 2018, 9:20 p.m.
A collective list of public APIs for use in security. Contributions welcome
created at Jan. 9, 2018, 7:58 p.m.
Investigate malicious Windows logon by visualizing and analyzing Windows event log
created at Nov. 24, 2017, 6:07 a.m.
An information security preparedness tool to do adversarial simulation.
created at Nov. 1, 2017, 9:24 p.m.
Small and highly portable detection tests based on MITRE's ATT&CK.
created at Oct. 11, 2017, 5:23 p.m.
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
created at Oct. 5, 2017, 11:44 p.m.