"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
created at Oct. 5, 2017, 11:44 p.m.
Rapidly Search and Hunt through Windows Forensic Artefacts
created at Aug. 13, 2021, 1:07 p.m.
DPS' Lightweight Investigation Notebook
created at Aug. 24, 2015, 2:53 p.m.
A collective list of public APIs for use in security. Contributions welcome
created at Jan. 9, 2018, 7:58 p.m.
Malware Configuration And Payload Extraction
created at Oct. 15, 2019, 6:16 p.m.
Web browser forensics for Google Chrome/Chromium
created at May 22, 2014, 3:25 a.m.
PagerDuty's Incident Response Documentation.
created at Nov. 28, 2016, 5:58 p.m.
A modern tool for Windows kernel exploration and tracing with a focus on security
created at March 25, 2016, 11:28 a.m.
Digital Forensics artifact repository
created at Oct. 31, 2014, 7:13 p.m.
This is the development tree. Production downloads are at:
created at April 3, 2012, 4:36 a.m.
An information security preparedness tool to do adversarial simulation.
created at Nov. 1, 2017, 9:24 p.m.
CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.
created at Jan. 30, 2016, 4:58 a.m.