Category: Forensics

CDQR

CDQR: Cold Disk Quick Response tool

What is CDQR? The CDQR tool uses Plaso to parse disk images with specific parsers and create easy-to-analyze custom reports. The parsers were chosen based on triaging best practices and the custom reports...

AIEngine

Artificial Intelligent Engine (AIEngine) v1.9.0 release: packet inspection engine

AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go network intrusion detection system engine with capabilities of learning without any human intervention, DNS domain classification, Spam detection, network collector, network forensics and many others. AIEngine...

UncoverDCShadow

UncoverDCShadow: dynamically uncover a DCShadow attack

UncoverDCShadow is a set of proof-of-concept helpers designed to help blue teams detect the use of the DCShadow attack on their Active Directory infrastructure. These helpers have been designed to illustrate how security monitoring can be...
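The indicators a DCShadow push leaves in the directory are well known: the attacker's computer account temporarily gains the SPNs a domain controller advertises (a `GC/` SPN and one prefixed with the Directory Replication Service class GUID `E3514235-4B06-11D1-AB04-00C04FC2DCD2`), and a server object with an `nTDSDSA` child is registered under `CN=Sites,CN=Configuration`. The Python below is an added example of checking those indicators over a snapshot of directory objects; it is not UncoverDCShadow's own code. The records in `SAMPLE_OBJECTS` (hosts `DC01` and `WS42`, domain `corp.local`) are constructed for illustration, and `find_dcshadow_indicators` and `run_sample` are names chosen here. In a real deployment the same dictionaries would be filled from an LDAP search.

```python
# Added example: heuristic DCShadow indicator check over constructed AD records.
# Not code from the UncoverDCShadow project; all names and sample data below are
# assumptions made for this illustration.

# Directory Replication Service class GUID that appears in a DC's replication SPN.
DRS_SPN_GUID = "E3514235-4B06-11D1-AB04-00C04FC2DCD2"
# SERVER_TRUST_ACCOUNT bit in userAccountControl, set on domain controller accounts.
UAC_SERVER_TRUST_ACCOUNT = 0x2000
DC_OU_MARKER = "OU=Domain Controllers,"

# Constructed sample site container (assumption: default site name, domain corp.local).
SERVERS_CONTAINER = ("CN=Servers,CN=Default-First-Site-Name,CN=Sites,"
                     "CN=Configuration,DC=corp,DC=local")

SAMPLE_OBJECTS = [
    # Legitimate DC: lives in the Domain Controllers OU, has the server-trust UAC bit.
    {"dn": "CN=DC01,OU=Domain Controllers,DC=corp,DC=local", "objectClass": "computer",
     "userAccountControl": 0x82000,
     "servicePrincipalName": ["GC/DC01.corp.local/corp.local",
                              f"{DRS_SPN_GUID}/11111111-1111-1111-1111-111111111111/corp.local"]},
    {"dn": f"CN=DC01,{SERVERS_CONTAINER}", "objectClass": "server",
     "serverReference": "CN=DC01,OU=Domain Controllers,DC=corp,DC=local"},
    {"dn": f"CN=NTDS Settings,CN=DC01,{SERVERS_CONTAINER}", "objectClass": "nTDSDSA"},
    # Workstation that has been turned into a rogue DC for a DCShadow push.
    {"dn": "CN=WS42,CN=Computers,DC=corp,DC=local", "objectClass": "computer",
     "userAccountControl": 0x1000,
     "servicePrincipalName": ["HOST/WS42.corp.local",
                              "GC/WS42.corp.local/corp.local",
                              f"{DRS_SPN_GUID}/22222222-2222-2222-2222-222222222222/corp.local"]},
    {"dn": f"CN=WS42,{SERVERS_CONTAINER}", "objectClass": "server",
     "serverReference": "CN=WS42,CN=Computers,DC=corp,DC=local"},
    {"dn": f"CN=NTDS Settings,CN=WS42,{SERVERS_CONTAINER}", "objectClass": "nTDSDSA"},
]


def is_domain_controller(obj):
    """A legitimate DC account sits in the Domain Controllers OU and carries
    SERVER_TRUST_ACCOUNT. Both conditions are required so that a moved account
    or a flipped flag alone does not pass as a DC."""
    return DC_OU_MARKER in obj["dn"] and bool(
        obj.get("userAccountControl", 0) & UAC_SERVER_TRUST_ACCOUNT)


def parent_dn(dn):
    # Assumes RDN values contain no escaped commas; enough for these records.
    return dn.split(",", 1)[1]


def find_dcshadow_indicators(objects):
    """Return (dn, reason) pairs for objects showing DCShadow indicators."""
    by_dn = {o["dn"]: o for o in objects}
    findings = []
    for obj in objects:
        cls = obj.get("objectClass")
        if cls == "computer" and not is_domain_controller(obj):
            # Indicator 1: DC-only SPNs on an account that is not a DC.
            for spn in obj.get("servicePrincipalName", []):
                if spn.startswith("GC/") or spn.upper().startswith(DRS_SPN_GUID + "/"):
                    findings.append((obj["dn"], f"replication SPN on non-DC account: {spn}"))
        elif cls == "nTDSDSA":
            # Indicator 2: an NTDS Settings object whose server object does not
            # reference a real DC account (or references nothing at all).
            server = by_dn.get(parent_dn(obj["dn"]), {})
            ref = server.get("serverReference")
            account = by_dn.get(ref) if ref else None
            if account is None or not is_domain_controller(account):
                findings.append((obj["dn"],
                                 f"nTDSDSA object for server not backed by a DC account: {ref!r}"))
    return findings


def run_sample():
    return find_dcshadow_indicators(SAMPLE_OBJECTS)


if __name__ == "__main__":
    for dn, reason in run_sample():
        print(f"{dn}\n    {reason}")
```

A point-in-time scan like this only catches the rogue DC while its objects exist; DCShadow tooling removes the server and nTDSDSA objects and the extra SPNs once the replication push is done, which can be a matter of seconds. That is why detection in practice has to watch the directory live for these changes (or inspect replication metadata afterwards) rather than rely on periodic LDAP sweeps, and why the project above frames its helpers as monitoring aids.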