MAC Address Age Tracking This repository is used to determine an approximate issuance date for IEEE allocated hardware address ranges. The dataset was bootstrapped using a combination of the DeepMAC and Wireshark archives and...
FSEvents files are written to disk by macOS APIs and contain historical records of file system activity that occurred for a particular volume. They can be found on devices running...
EveBox EveBox is a web-based Suricata “eve” event viewer for Elastic Search. Features A web-based event viewer with an “Inbox” approach to alert management. Event search. An agent for sending...
xnumon is a monitoring agent that produces system activity logs intended to be suitable for monitoring potentially large fleets of macOS systems for malware and intrusions. It aims at providing...
Performance Analysis of Logs (PAL) Tool Ever have a performance problem, but don’t know what performance counters to collect or how to analyze them? The PAL (Performance Analysis of Logs)...
Defense / Forensics / Malware Analysis
by do son · Published January 18, 2019 · Last modified October 11, 2021
Altprobe The repository includes Alertflex collector and installation scripts for security sensors (Suricata NIDS, Wazuh HIDS, Falco CRS). Alertflex project is a cybersecurity solution for automation, continuous monitoring, orchestration, threat...
mac_apt macOS Artifact Parsing Tool mac_apt is a DFIR tool to process Mac computer full disk images and extract data/metadata useful for forensic investigation. It is a python based framework,...
Project Neto is a Python 3 package conceived to analyze and unravel hidden features of browser plugins and extensions for well-known browsers such as Firefox and Chrome. It automates the...
Volatility Workbench is a graphical user interface (GUI) for the Volatility tool. Volatility is a command line memory analysis and forensics tool for extracting artefacts from memory dumps. Volatility Workbench is...
The Netcap (NETwork CAPture) framework efficiently converts a stream of network packets into highly accessible type-safe structured data that represent specific protocols or custom abstractions. These audit records can be stored...
Objective This tool can help pentesters to quickly dump all credz from known location, such as .bash_history, config files, wordpress credentials, and so on… This is not a hacking tool,...
Strelka Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response. Based on the design established by Lockheed Martin’s Laika BOSS and similar projects (see: related projects),...
Remote-Desktop-Caching- This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow Red Team member to extract juicy information...
Defense / Forensics / Networking
by do son · Published December 22, 2018 · Last modified November 2, 2023
ntopng ntopng is the next-generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntopng is...
SysmonSearch SysmonSearch makes event log analysis more effective and less time to consume, by aggregating event logs generated by Microsoft’s Sysmon. System Overview SysmonSearch uses Elasticserach and Kibana (and...
Support Securityonline.info site. Thanks!
