PICT: Post-Infection Collection Toolkit
PICT – Post-Infection Collection Toolkit This set of scripts is designed to collect a variety of data from an endpoint thought to be infected, to facilitate the incident response process....
Sigma Hunting App A Splunk App containing Sigma detection rules, which can be updated dynamically from a Git repository. Motivation Most modern Security Operations Centers (SOCs) store the...
Mordor Gates The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption. The pre-recorded data is...
ARTHIR ATT&CK Remote Threat Hunting Incident Response (ARTHIR) is an update to the popular KANSA framework. ARTHIR works differently than KANSA in that you...
IsThisLegit is a dashboard and Chrome extension that makes it easy to receive, analyze, and respond to phishing reports. It consists of two parts: Chrome Extension – The Chrome extension, when...
Kuiper Digital Investigation Platform What is Kuiper? Kuiper is a digital investigation platform that provides capabilities for the investigation team and individuals to parse, search, visualize collected evidence (evidence could...
Oriana Oriana is an incident response & threat hunting tool that ingests a subset of Windows event logs to provide defenders situational awareness in Windows environments using a friendly and...
Forager Do you ever wonder if there is an easier way to retrieve, store, and maintain all your threat intelligence data? Random user, meet Forager. Not all threat intel implementations...
Acquire Volatile Memory for Linux (AVML) AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to...
Venator Venator is a Python tool used for gathering data for the purpose of proactive macOS detection. Support for High Sierra & Mojave using the native macOS Python version (2.7.x). Happy...
Webfwlog is a flexible web-based firewall log analyzer and reporting tool. It supports standard system logs for Linux, FreeBSD, OpenBSD, NetBSD, Solaris, Irix, OS X, etc. as well as Windows...
BlueHive BlueHive is a honeypot user management tool built with the free open source community edition of Universal Dashboard by Ironman Software. This utility can be used to create and manage honeypot user and service accounts via...
DeTTECT DeTT&CT aims to assist blue teams using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage, and threat actor behaviors. All of which can help,...
FwAnalyzer (Firmware Analyzer) FwAnalyzer is a tool to analyze ext2/3/4, FAT/VFAT, SquashFS and UBIFS filesystem images, as well as directory content, using a set of configurable rules. It relies on e2tools for ext filesystems, mtools for...