modDetective modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity. This can be used in red team engagements and CTF‘s in order to...
What is CDQR? The CDQR tool uses Plaso to parse disk images with specific parsers and create easy to analyze custom reports. The parsers were chosen based on triaging best practices and the custom...
Xplico Xplico is a Network Forensic Analysis Tool (NFAT). The goal of Xplico is extracted from internet traffic to capture the data of the application contained. For example, from a pcap file Xplico extracts...
Real-time detection of high-risk attacks leveraging Kerberos and SMB This is a real-time detection tool for detecting an attack against Active Directory. The tools are the improved version of the previous version. Our tool...
Heralding Sometimes you just want a simple honeypot that collects credentials, nothing more. Heralding is that honeypot! Currently, the following protocols are supported: ftp, telnet, ssh, http, https, pop3, pop3s, imap, imaps, smtp, vnc,...
DFIRTrack DFIRTrack (Digital Forensics and Incident Response Tracking application) is an open-source web application mainly based on Django using a PostgreSQL database backend. In contrast to other great incident response tools, which are mainly case-based and support...
StreamAlert is a serverless, real-time data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define. Benefits As partially outlined above, StreamAlert...
LogESP LogESP is a SIEM (Security Information and Event Management system) written in Python Django. It features a web frontend and handles log management and forensics, risk management, and asset management. Design Principles Security...
pcap-ioc Python tool to extract potential IOCs from a pcap file using pyshark List of IOCs extracted : IP addresses from IP packets Domains and IP addresses from DNS requests Domains, url, and user-agents from...
What is Cowrie Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is developed by Michel Oosterhof. Features Some interesting...
Crypto / Forensics / Network PenTest / Reverse Engineering / WebApp PenTest
by do son · Published April 4, 2019
>_ Root the Box Root the Box is a real-time capture the flag (CTF) scoring engine for computer wargames where hackers can practice and learn. The application can be easily configured and modified for...
Arkime is an open-source, large-scale, full packet capturing, indexing, and a database system. Arkime augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An...
psad – Intrusion Detection with iptables Logs Introduction The Port Scan Attack Detector psad is a lightweight system daemon written in is designed to work with Linux iptables/ip6tabfirewallalld firewalling code to detect suspicious traffic such as...
FastNetMon – A high-performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, SnabbSwitch, netmap, PF_RING, PCAP). What can we do? We can detect hosts in our networks sending...
Sloth Sloth is a Mac application that displays all open files and sockets in use by all running applications on your system. This makes it easy to inspect which apps are using which files...
Secure Your Connection
