DFIR-O365RC The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated...
Forensics / Reverse Engineering
by do son · Published March 9, 2021 · Last modified October 15, 2023
Obfuscation Detection Automatically detect control-flow flattening and other state machines Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries. Control-flow flattening is a code transformation that...
PSGumshoe PSGumshoe is a Windows PowerShell module for the collection of OS and domain artifacts for the purposes of performing live response, hunt, and forensics. The module focuses on being...
APT-Hunter APT-Hunter is a Threat Hunting tool for windows event logs which made by the purple team mindset to provide detect APT movements hidden in the sea of windows event...
by do son · Published January 17, 2021 · Last modified January 16, 2021
ATMMalScan ATMMalScan is a commandline tool for Windows operating systems version 7 and higher, which helps to search for malware traces on an ATM during the DFIR process. This tool...
HosTaGe – Honeypot-To-Go HosTaGe is a lightweight, low-interaction, portable, and generic honeypot for mobile devices that aims at the detection of malicious, wireless network environments. As most malware propagates over...
HAWK What Hawk is and isn’t Hawk provides a Limited analysis of the gathered data. This is by design! Hawk is here to help get all of the data in...
openedr We at OpenEDR believe in creating a cybersecurity platform with its source code openly available to the public, where products and services can be provisioned and managed together. EDR...
Gargamel Right now, this app works only on Windows and the target computer must use Windows or Linux. Make sure to have the following programs in the same directory as...
Forensics / Information Gathering
by do son · Published December 28, 2020 · Last modified April 2, 2023
Tell Me Your Secrets A simple module which finds files with different secrets keys present inside a directory. Secrets derived from 120 different signatures. Signatures Derived from shhgit Available Signatures :...
Packet Strider Packet Strider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of...
wsb-detect wsb-detect enables you to detect if you are running in Windows Sandbox (“WSB”). The sandbox is used by Windows Defender for dynamic analysis, and commonly manually by security analysts...
teler teler is a real-time http intrusion detection and threat alert based on a weblog that runs in a terminal with resources that we collect and provide by the community. Features...
kraken Kraken is a simple cross-platform Yara scanner that can be built for Windows, Mac, FreeBSD, and Linux. It is primarily intended for incident response, research, and ad-hoc detections (not for...
Threagile Agile Threat Modeling Toolkit Threagile is an open-source toolkit for agile threat modeling: It allows to model architecture with its assets in an agile fashion as a YAML file directly...
Support Securityonline.info site. Thanks!
