Vol3xp: Volatility Explorer Suit
Vol3xp, Volatility 3 Explorer Plugins RAMMap -> Physical Address Mapping (pfn.py) RAMMap (very similar to Rammap [SysInternals]), but additionally it marks any suspicious pages (for more information read the pdf)....
Category: Forensics
LabCIF – Forensic Analysis for Mobile Apps
LabCIF – Forensic Analysis for Mobile Apps Android extraction and analysis framework with an integrated Autopsy Module. Dump easily user data from a device and generate powerful reports for Autopsy...
manuka: A modular OSINT honeypot for blue teamers
Manuka A modular, scalable OSINT honeypot targeting pre-attack reconnaissance techniques. Manuka is an Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue...
NTLMRawUnHide: parse network packet capture files and extract NTLMv2 hashes
NTLMRawUnhide.py NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The tool was developed to extract NTLMv2 hashes from...
Web Shell Analyzer: Web shell scanner and analyzer
Web Shell Analyzer Web shell analyzer is a cross-platform stand-alone binary built solely for the purpose of identifying, decoding, and tagging files that are suspected to be web shells. The...
analyzer: Offline Threat Intelligence Analyzer for extracting artifacts and IoCs
analyzer Offline Threat Intelligence Analyzer for extracting artifacts and IoCs from file/dump into a readable format General Features Runs locally (Offline) Analyze buffer, file, or full folder Intime analysis (Session...
Mobile Evidence Acquisition Toolkit
M.E.A.T. – Mobile Evidence Acquisition Toolkit This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices (and Android in the future). Devices tested on iPhone X...
SRUM Dump v2.5 releases: extracts information from the System Resource Utilization Management Database
SRUM-DUMP2 SRUM Dump extracts information from the System Resource Utilization Management Database and creates an Excel spreadsheet. The SRUM is one of the best sources for applications that have run...
drovorub-hunt: network-based hunting for GRU’s Drovorub malware c2
Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS’ Malware at Scale Recently, the National Security Agency and Federal Bureau of Investigation released a report outlining command and control capabilities leveraged...
monte-carlo: The Office 365 log parser
monte-carlo Monte Carlo is a collection of 3 tools to process Office 365 Unified audit logs in incident response investigations. It is extensible and breaks the processing tasks in 3...
VolExp: volatility explorer
VolExp Volatility Explorer This program allows the user to access a Memory Dump. It can also function as a plugin to the Volatility Framework. This program functions similarly to Process...
ElectricEye: Continuously monitor your AWS services for configurations
ElectricEye ElectricEye is a set of Python scripts (affectionately called Auditors) that continuously monitor your AWS infrastructure looking for configurations related to confidentiality, integrity, and availability that do not align with...
Intel Owl v5.2.2 releases: analyze files, domains, IPs in multiple ways
Intel Owl Do you want to get threat intelligence data about a file, an IP, or a domain? Do you want to get this kind of data from multiple sources at...
etl-parser v1.0.1 releases: Event Trace Log file parser in pure Python
etl-parser Event Trace Log file reader in pure Python etl-parser is a pure Python 3 parser library for ETL Windows log files. ETL is the default format for ETW as well as the default...
DeepBlueCLI: PowerShell Module for Threat Hunting via Windows Event Logs
DeepBlueCLI DeepBlueCLI – a PowerShell Module for Threat Hunting via Windows Event Logs. Windows Event Logs processed Windows Security Windows System Windows Application Windows PowerShell Sysmon Command Line Logs processed...
