PFQ PFQ is a functional framework designed for the Linux operating system built for efficient packets capture/transmission (10G, 40G and beyond), in-kernel functional processing, kernel-bypass and packets steering across groups...
chocoProxy chocoProxy is a Windows tool intended to aid in reverse engineering Windows applications’ network traffic. The proxy works by hooking the sending and receiving Windows APIs after being injected...
Whodunnit Parse, Filter and Present Windows Event Logs with ease, from the comfort and familiarity of a PowerShell Environment. Whodunnit is a forensic tool initially created with the intention of...
Loki – Simple IOC Scanner Scanner for Simple Indicators of Compromise Detection is based on four detection methods: File Name IOC Regex match on full file path/name Yara Rule Check...
Grapl Grapl is a Graph Platform for Detection and Response. In short, Grapl will take raw logs, convert them into graphs, and merge those graphs into a Master Graph. It...
IOC Explorer – Explore IOCs Automatically Correlating Indicator of Compromise (IOC) is a key part of incident investigation even threat hunting. Finding one IP address hosting several known malicious files...
Imago is a python tool that extracts digital evidences from images recursively. This tool is useful throughout a digital forensic investigation. If you need to extract digital evidences and you...
Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to...
The Sleuth Kit is an open-source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired...
TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities. It identifies the following indicators related to: Secure Shell (SSH) key files Secure Socket Layer (SSL) key...
Hindsight Internet history forensics for Google Chrome/Chromium Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has...
usbrip usbrip (derived from “USB Ripper”, not “USB R.I.P.” 😯) is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (a.k.a. USB event history: “Connected”...
Adama Searches For Threat Hunting and Security Analytics A collection of known log and/or event data searches for threat hunting and detection. They enumerate sets of searches used across many...
MalConfScan is a Volatility plugin extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and...
yarGen What does yarGen do? yarGen is a generator for YARA rules The main principle is the creation of Yara rules from strings found in malware files while removing all strings that...
Support Securityonline.info site. Thanks!
