APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
updated at May 9, 2024, 10:54 a.m.
PowerForensics provides an all in one platform for live disk forensic analysis
updated at May 9, 2024, 10:36 a.m.
$MFT directory tree reconstruction & FILE record info
updated at May 9, 2024, 5:54 a.m.
Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes
updated at May 9, 2024, 2:01 a.m.
A collective list of public APIs for use in security. Contributions welcome.
updated at May 8, 2024, 8:53 p.m.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
updated at May 8, 2024, 3:16 a.m.
🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
updated at May 7, 2024, 9:07 p.m.
CLI utility and Python module for analyzing log files and other data.
updated at May 7, 2024, 8:16 p.m.
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
updated at May 7, 2024, 8:04 p.m.
A Python library to interface with a cuckoo-modified instance
updated at May 7, 2024, 12:53 p.m.
Memory acquisition for Linux that makes sense.
updated at May 7, 2024, 9:13 a.m.
This is the development tree. Production downloads are at:
updated at May 7, 2024, 1:56 a.m.
Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.
updated at May 7, 2024, 12:57 a.m.