pyarascanner by nogoodconfig

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

created at May 3, 2018, 11:49 a.m.

Python

3 +0

25 +0

4 +0

GitHub
diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

created at May 1, 2018, 10:11 p.m.

Python

143 +0

635 +0

60 +0

GitHub
rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

created at May 1, 2018, 6:21 p.m.

Python

18 +0

234 +0

53 +0

GitHub
velociraptor by Velocidex

Digging Deeper....

created at March 24, 2018, 7:39 a.m.

Go

70 +0

2,692 +19

450 +3

GitHub
RTA by endgameinc
created at March 19, 2018, 7:59 p.m.

Python

98 +0

1,035 +1

213 +0

GitHub
RedHunt-OS by redhuntlabs

Virtual Machine for Adversary Emulation and Threat Hunting

created at March 14, 2018, 7:31 p.m.

Unknown languages

85 +0

1,199 +3

183 +1

GitHub
Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.

created at Feb. 8, 2018, 11:30 a.m.

PowerShell

31 +0

423 +0

84 +0

GitHub
APTSimulator by NextronSystems

A toolset to make a system look as if it was the victim of an APT attack

created at Feb. 3, 2018, 2:19 p.m.

Batchfile

120 +0

2,379 +6

416 +2

GitHub
artifacts-kb by ForensicArtifacts

Digital Forensics Artifacts Knowledge Base

created at Jan. 17, 2018, 7:31 p.m.

Python

8 +0

69 +0

15 +0

GitHub
Invoke-LiveResponse by mgreen27

Invoke-LiveResponse

created at Jan. 14, 2018, 9:42 a.m.

PowerShell

13 +0

144 +0

29 +0

GitHub
sysmon-modular by olafhartong

A repository of sysmon configuration modules

created at Jan. 13, 2018, 9:20 p.m.

PowerShell

164 +0

2,497 +4

567 +0

GitHub
flightsim by alphasoc

A utility to safely generate malicious network traffic patterns and evaluate controls.

created at Jan. 10, 2018, 12:31 p.m.

Go

35 +0

1,188 +2

128 +0

GitHub
security-apis by deralexxx

A collective list of public APIs for use in security. Contributions welcome

created at Jan. 9, 2018, 7:58 p.m.

Unknown languages

59 +0

844 +2

129 +0

GitHub
caldera by mitre

Automated Adversary Emulation Platform

created at Nov. 29, 2017, 1:25 a.m.

Python

168 +2

5,206 +19

1,014 +2

GitHub
LogonTracer by JPCERTCC

Investigate malicious Windows logons by visualizing and analyzing Windows event logs

created at Nov. 24, 2017, 6:07 a.m.

Python

136 +0

2,633 +3

441 +1

GitHub
metta by uber-common

An information security preparedness tool to do adversarial simulation.

created at Nov. 1, 2017, 9:24 p.m.

Python

74 +0

1,074 +0

151 +0

GitHub
atomic-red-team by redcanaryco

Small and highly portable detection tests based on MITRE's ATT&CK.

created at Oct. 11, 2017, 5:23 p.m.

C

344 +1

9,109 +23

2,676 +8

GitHub
munin by Neo23x0

Online hash checker for Virustotal and other services

created at Oct. 9, 2017, 11:04 a.m.

Python

42 +0

797 +0

147 +0

GitHub
DumpsterFire by TryCatchHCF

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

created at Oct. 5, 2017, 11:44 p.m.

Python

50 +0

967 +0

148 +0

GitHub
cutter by rizinorg

Free and Open Source Reverse Engineering Platform powered by rizin

created at Sept. 25, 2017, 9:50 a.m.

C++

300 -1

15,111 +47

1,129 +1

GitHub