Vector Vector is a high-performance, end-to-end (agent & aggregator) observability data pipeline that puts you in control of your observability data. Collect, transform, and route all your logs, metrics, and traces to any vendors you want today and...
VAST — Visibility Across Space and Time VAST is a network telemetry engine for data-driven security investigations. It ingests high-volume streams of network and logs data, indexes it for later retrieval, and offers several...
PersistenceSniper PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders, and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery. The...
DFIR Toolkit CLI tools for forensic investigation of Windows artifacts Overview of timelining tools Changelog v0.9 added lnk2bodyfile Install cargo install dfir-toolkit Tool cleanhive merges logfiles into a hive file xx evtx2bodyfile ...
Defense / Forensics / Networking
by do son · Published December 22, 2018 · Last modified November 2, 2023
ntopng ntopng is the next-generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and...
ThreatIngestor An extendable tool to extract and aggregate IOCs from threat feeds. Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing workflow with SQS, Beanstalk, and custom plugins. ThreatIngestor can be configured to watch Twitter, RSS feeds,...
Forensics / Web Information Gathering
by do son · Published July 5, 2020 · Last modified November 2, 2023
Intel Owl Do you want to get threat intelligence data about a file, an IP, or a domain? Do you want to get this kind of data from multiple sources at the same time using a...
Cisco IOS XE implant scanning This repository contains information regarding post-exploitation activities linked to the Cisco IOS XE Software Web Management User Interface mass exploitations. Cisco Talos published a fingerprint that could check if...
Tracee – Container, and system tracing using eBPF Tracee is a lightweight and easy-to-use container and system tracing tool. It allows you to observe system calls and other system events in real-time. A unique...
Grove Grove is a Software as a Service (SaaS) log collection framework, designed to support the collection of logs from services which do not natively support log streaming. Grove enables teams to collect security-related...
