AChoir by OMENScan

Windows Live Artifacts Acquisition Script

updated at May 5, 2024, 11:48 p.m.

C++

14 +0

176 +1

31 +0

GitHub
appcompatprocessor by mbevilacqua

"Evolving AppCompat/AmCache data analysis beyond grep"

updated at May 5, 2024, 5:56 p.m.

Python

17 +0

189 +1

26 +0

GitHub
mastiff by KoreLogicSecurity

Malware static analysis framework

updated at May 4, 2024, 9:59 p.m.

Python

18 +0

173 +0

39 +0

GitHub
security-onion by Security-Onion-Solutions

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

updated at May 2, 2024, 10:25 a.m.

Unknown languages

302 +0

3,055 +0

518 +0

GitHub
rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

updated at May 2, 2024, 7:34 a.m.

Python

18 +0

234 +0

53 +0

GitHub
DumpsterFire by TryCatchHCF

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

updated at April 30, 2024, 7:23 p.m.

Python

50 +0

967 +0

148 +0

GitHub
CyLR by orlikoski

CyLR - Live Response Collection Tool

updated at April 30, 2024, 6:03 p.m.

C#

32 +0

600 +0

88 +0

GitHub
MozDef by mozilla

DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

updated at April 30, 2024, 6:38 a.m.

Python

149 +0

2,173 +0

328 +0

GitHub
streamalert by airbnb

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.

updated at April 30, 2024, 3:04 a.m.

Python

101 +0

2,826 +0

334 +0

GitHub
osxcollector by Yelp

A forensic evidence collection & analysis toolkit for OS X

updated at April 29, 2024, 8:41 a.m.

Python

125 +0

1,861 +0

240 +0

GitHub
Skadi by orlikoski

Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux

updated at April 28, 2024, 12:33 a.m.

Shell

37 +0

479 +0

68 +0

GitHub
CimSweep by mattifestation

CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.

updated at April 28, 2024, 12:09 a.m.

PowerShell

75 +0

634 +0

150 +0

GitHub
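The CimSweep entry above describes hunting over CIM/WMI without dropping an agent on the host. The script below is an added example of that approach written for this page, not CimSweep's own code: it opens a CIM session to each target, pulls services whose binary sits outside the usual system directories, and lists Run-key style startup commands. The host names are placeholders, and it assumes WinRM/CIM remoting is reachable and the supplied account is a local administrator on the targets.

```powershell
# Added example (not CimSweep code): a small CIM/WMI sweep across several hosts.
# Assumes WSMan/CIM remoting is enabled on the targets and $cred has admin rights there.
$targets = @('WKS-01', 'WKS-02')          # placeholder host names, replace with real ones
$cred    = Get-Credential                 # account with local admin on the targets

function Get-SuspiciousServices {
    param([Microsoft.Management.Infrastructure.CimSession]$Session)

    # Services launched from outside Windows\ or Program Files\ deserve a second look.
    # PathName may be quoted and carry arguments, so strip a leading quote before matching.
    $trusted = '^(C:\\Windows\\|C:\\Program Files( \(x86\))?\\)'
    Get-CimInstance -CimSession $Session -ClassName Win32_Service |
        Where-Object { $_.PathName -and (($_.PathName -replace '^"', '') -notmatch $trusted) } |
        Select-Object @{n = 'Host'; e = { $Session.ComputerName }}, Name, State, StartMode, PathName
}

function Get-StartupEntries {
    param([Microsoft.Management.Infrastructure.CimSession]$Session)

    # Win32_StartupCommand covers the Run/RunOnce keys and Startup folders for all users.
    Get-CimInstance -CimSession $Session -ClassName Win32_StartupCommand |
        Select-Object @{n = 'Host'; e = { $Session.ComputerName }}, Name, Command, Location, User
}

$findings = foreach ($t in $targets) {
    try {
        $s = New-CimSession -ComputerName $t -Credential $cred -ErrorAction Stop
        Get-SuspiciousServices -Session $s
        Get-StartupEntries     -Session $s
        Remove-CimSession $s
    }
    catch {
        # One unreachable host should not abort the sweep; record it and move on.
        Write-Warning "$t : $($_.Exception.Message)"
    }
}

$findings | Format-Table -AutoSize
```

The "all versions of Windows" point in the entry comes down to transport: New-CimSession uses WSMan by default, and for older hosts that only speak DCOM you pass `-SessionOption (New-CimSessionOption -Protocol Dcom)`. The path filter is a triage heuristic, not a verdict; legitimate software installs services under user profiles and ProgramData too, so treat hits as leads to confirm with hashes or signatures.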
OSXAuditor by jipegit

OS X Auditor is a free Mac OS X computer forensics tool

updated at April 27, 2024, 4:08 p.m.

JavaScript

183 +0

3,130 +0

282 +0

GitHub
diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

updated at April 27, 2024, 8:50 a.m.

Python

143 +0

635 +0

60 +0

GitHub
metta by uber-common

An information security preparedness tool to do adversarial simulation.

updated at April 27, 2024, 8:50 a.m.

Python

74 +0

1,074 +0

151 +0

GitHub
margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

updated at April 27, 2024, 8:50 a.m.

Python

17 +0

235 +0

50 +0

GitHub
ir-rescue by diogo-fernan

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

updated at April 27, 2024, 8:50 a.m.

Batchfile

45 +0

447 +0

93 +0

GitHub
nightHawkResponse by biggiesmallsAG

Incident Response Forensic Framework

updated at April 27, 2024, 8:49 a.m.

Go

82 +0

596 +0

139 +0

GitHub
threat_note by DefensePointSecurity

DPS' Lightweight Investigation Notebook

updated at April 27, 2024, 8:49 a.m.

HTML

57 +0

420 +0

97 +0

GitHub
stenographer by google

Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com

updated at April 25, 2024, 6:46 p.m.

Go

104 +0

1,788 +0

232 +1

GitHub