CyLR What is CyLR? The CyLR tool collects forensic artefacts from hosts with NTFS file systems quickly, securely and minimizes impact to the host. The main features are: Quick collection (it’s really fast) Raw...
mXtract An open source Linux based tool that analyzes and dumps memory. It is developed as an offensive penetration testing tool, which is used to scan memory for private keys, ips, and passwords using...
awslog Show the history and changes between configuration versions of AWS resources Uses AWS Config to fetch the configuration history of resources, only works on resources supported by AWS Config Changelog v0.1.6 Fix the –deleted...
SpamScope is an advanced spam analysis tool that uses Apache Storm with streamparse to process a stream of mails. It’s possible to analyze more than 5 millions of mails (without attachments post processors) for the day with a...
CDIR (Cyber Defense Institute Incident Response) Collector – live collection tool based on oss tool/library cdir-collector is a collection tool for first responders. it collects the following data on Windows. RAM NTFS $MFT $SECURE:$SDS...
Defense / Forensics / Malware Analysis
by do son · Published March 3, 2019 · Last modified October 10, 2021
DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. DARKSURGEON has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a...
django-admin-honeypot django-admin-honeypot is a fake Django admin login screen to log and notify admins of attempted unauthorized access. This app was inspired by a discussion in and around Paul McMillan’s security talk at DjangoCon 2011....
PcapViz PcapViz visualizes network topologies and provides graph statistics based on pcap files. It should be possible to determine key topological nodes or data exfiltration attempts more easily. Features Draw network topologies (Layer 2)...
nightHawk Response Custom built an application for asynchronus forensic data presentation on an Elasticsearch backend. This application is designed to ingest a Mandiant Redline “collections” file and give flexibility in search/stack and tagging. The...
joincap Merge multiple pcap files together, gracefully. Why? I believe skipping corrupt packets is better than failing the entire merge job. When using tcpslice ormergecap sometimes pcapfix is needed to fix bad input pcap files. One option is to...
Linux Explorer Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask. Capabilities ps View full process list Inspect process memory map & fetch memory strings easily Dump process memory in one...
Although the Linux system can be protected from the spread of most malware, it is not absolutely safe. If your data center erected a Linux server, especially the Web server, you should be on...
Honeytrap Honeytrap is a modular framework for running, monitoring and managing honeypots. Using Honeytrap you can use sensors, high interaction and low interaction honeypots together, while still using the same event mechanisms. Honeytrap consists...
LogTrail – Log Viewer plugin for Kibana LogTrail is a plugin for Kibana to view, analyze, search and tail log events from multiple hosts in real-time with devops friendly interface inspired by Papertrail. Features View,...
MAC Address Age Tracking This repository is used to determine an approximate issuance date for IEEE allocated hardware address ranges. The dataset was bootstrapped using a combination of the DeepMAC and Wireshark archives and maintained via daily pulls...
Secure Your Connection
