Vector Vector is a high-performance, end-to-end (agent & aggregator) observability data pipeline that puts you in control of your observability data. Collect, transform, and route all your logs, metrics, and traces to any vendors you want today and...
by do son · Published October 20, 2019 · Last modified September 27, 2023
Volatility 3: The volatile memory extraction framework Volatility is the world’s most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system...
ecapture capture SSL/TLS text content without CA cert by eBPF. eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used...
Defense / Forensics / Networking
by do son · Published July 31, 2019 · Last modified September 26, 2023
Falco Falco is a behavioral activity monitor designed to detect anomalous activity in your applications. Powered by sysdig’s system call capture infrastructure, Falco lets you continuously monitor and detect container, application, host, and network activity… all...
dissect Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artifacts from various disk and file formats, developed by Fox-IT (part of NCC...
DFIR Toolkit CLI tools for forensic investigation of Windows artifacts Overview of timelining tools Changelog v0.8.1 update crate versions Install cargo install dfir-toolkit Tool cleanhive merges logfiles into a hive file xx evtx2bodyfile ...
Nightingale Nightingale is an enterprise-level cloud-native monitoring system, which can be used as a drop-in replacement for Prometheus for alerting and management. Nightingale is a cloud-native monitoring system by All-In-On design, that supports enterprise-class...
Defense / Forensics / Malware Analysis
by do son · Published August 2, 2019 · Last modified September 24, 2023
MISP – Malware Information Sharing Platform and Threat Sharing MISP, Malware Information Sharing Platform, and Threat Sharing is an open-source software solution for collecting, storing, distributing, and sharing cybersecurity indicators and threats about cybersecurity...
mihari Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing pages, and phishing hunting. How it works Mihari makes a query against Shodan, Censys, VirusTotal,...
Cortex tries to solve a common problem frequently encountered by SOCs, CSIRTs and security researchers in the course of threat intelligence, digital forensics, and incident response: how to analyze observables they have collected, at scale, by querying a single...
