Forensics / Information Gathering / Web Information Gathering
by do son · Published June 23, 2019 · Last modified November 20, 2022
POCKINT (a.k.a. Pocket Intelligence) is the OSINT swiss army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program (to be carried within USBs or investigation VMs), it provides users with...
Forensics / Malware Analysis / Networking
by do son · Published June 18, 2019 · Last modified February 21, 2021
histstat This is a cross-platform command-line tool for obtaining live, rudimentary network connection data on a computer system. This tool was designed for network and security analysts to easily view connections on a system...
LogonTracer Investigate malicious logon by visualizing and analyzing Windows active directory event logs. LogonTracer uses PageRank and ChangeFinder to detect malicious hosts and accounts from the event log. This tool can visualize the following event id related to...
dfirtriage Digital forensic acquisition tool for Windows-based incident response. DFIRtriage is a tool intended to provide Incident Responders with rapid host data. Written in Python, the code has been compiled to eliminate the dependency...
Get-EnhancedWinEvent A Powershell Cmdlet that gets events from event logs and event tracing log files on local and remote computers enhances them with details from their XML representation. The Get-EnhancedWinEvent cmdlet gets events from...
pcapfex ‘Packet CAPture Forensic Evidence eXtractor’ is a tool that finds and extracts files from packet capture files. It was developed by Viktor Winkelmann as part of a bachelor thesis. The power of pcapfex lies in its ease of use....
The ADTimeline script generates a timeline based on Active Directory replication metadata for objects considered of interest. Replication metadata gives you the time at which each replicated attribute for a given object was last...
AutoMacTC: Automated Mac Forensic Triage Collector This is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse them, and present them in formats viable for analysis. The output...
FLARE VM – a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.. Installed Tools Android dex2jar apktool Debuggers flare-qdb scdbg OllyDbg + OllyDump + OllyDumpEx OllyDbg2 + OllyDumpEx x64dbg...
ATTACKdatamap A datasource assessment on an event level to show potential coverage of the “MITRE ATT&CK” framework. This tool is developed by me and has no affiliation with “MITRE” nor with its great “ATT&CK”...
Zeek Network Security Monitor Zeek is a powerful framework for network analysis and security monitoring. It is a powerful system that on top of the functionality it provides out of the box, also offers...
ThreatIngestor An extendable tool to extract and aggregate IOCs from threat feeds. Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing workflow with SQS, Beanstalk, and custom plugins. ThreatIngestor can be configured to watch Twitter, RSS feeds,...
fingerprint all the things! A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files (pcap) or live network traffic. The main use-case is for monitoring honeypots, but you can also...
Beagle Beagle is an incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs, and Raw Windows memory...
IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments,…) for collecting and processing security feeds (such as log files) using a message queuing protocol. It’s a community-driven initiative called IHAP (Incident Handling...
Secure Your Connection
