DumpsterFire by TryCatchHCF

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

created at Oct. 5, 2017, 11:44 p.m.

50 +0

967 +0

148 +0

chainsaw by WithSecureLabs

Rapidly Search and Hunt through Windows Forensic Artefacts

created at Aug. 13, 2021, 1:07 p.m.

50 +1

2,568 +6

228 -1

volatility3 by volatilityfoundation

Volatility 3.0 development

created at Jan. 26, 2014, 6:09 p.m.

55 +0

2,252 +16

371 +0

threat_note by DefensePointSecurity

DPS' Lightweight Investigation Notebook

created at Aug. 24, 2015, 2:53 p.m.

57 +0

421 +1

97 +0

security-apis by deralexxx

A collective list of public APIs for use in security. Contributions welcome

created at Jan. 9, 2018, 7:58 p.m.

59 +0

845 +1

129 +0

playbooks by phantomcyber

Phantom Community Playbooks

created at Aug. 31, 2015, 10:35 p.m.

61 +0

453 +0

191 +0

Fastir_Collector by SekoiaLab

None

created at Oct. 23, 2015, 9:18 a.m.

63 +0

502 +0

127 -1

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

created at Oct. 15, 2019, 6:16 p.m.

64 -1

1,702 +11

381 +1

hindsight by obsidianforensics

Web browser forensics for Google Chrome/Chromium

created at May 22, 2014, 3:25 a.m.

67 +0

1,026 +5

134 +0

incident-response-docs by PagerDuty

PagerDuty's Incident Response Documentation.

created at Nov. 28, 2016, 5:58 p.m.

68 +0

1,010 +1

222 +0

velociraptor by Velocidex

Digging Deeper....

created at March 24, 2018, 7:39 a.m.

70 +0

2,703 +11

452 +2

fibratus by rabbitstack

A modern tool for Windows kernel exploration and tracing with a focus on security

created at March 25, 2016, 11:28 a.m.

72 +0

2,087 +2

183 +0

cuckoo-modified by spender-sandbox

Modified edition of cuckoo

created at Nov. 30, 2015, 1:55 p.m.

72 +0

389 +1

178 +0

artifacts by ForensicArtifacts

Digital Forensics artifact repository

created at Oct. 31, 2014, 7:13 p.m.

73 +0

991 +6

204 +2

bulk_extractor by simsong

This is the development tree. Production downloads are at:

created at April 3, 2012, 4:36 a.m.

74 +0

1,019 +8

181 +1

metta by uber-common

An information security preparedness tool to do adversarial simulation.

created at Nov. 1, 2017, 9:24 p.m.

74 +0

1,074 +0

151 +0

morgue by etsy

post mortem tracker

created at Oct. 17, 2013, 5:16 a.m.

75 +0

1,012 +1

132 +0

CimSweep by mattifestation

CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.

created at Jan. 30, 2016, 4:58 a.m.

75 +0

634 +0

151 +1

MemProcFS by ufrisk

MemProcFS

created at Nov. 18, 2018, 6:19 p.m.

77 +1

2,687 +12

332 +1

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

created at June 16, 2020, 9:24 p.m.

79 +1

3,897 +16

494 +3