memscrimper: Malware Sandbox Memory Dumps
MemScrimper is a novel methodology to compress memory dumps of malware sandboxes. MemScrimper is built on the observation that sandboxes always start at the same system state (i.e., a...
MalwLess Simulation Tool (MST) MalwLess is an open source tool that allows you to simulate system compromise or attack behaviors without running processes or PoCs. The tool is designed to test...
Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r (pronounced “rastreador”, “hunter” in Spanish) is a multi-platform open source tool that allows...
HoneypotBuster Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host. CodeExecution Execute code on a target...
Forensics / Malware Analysis / Networking
by do son · Published July 29, 2018 · Last modified May 1, 2024
EKTotal EKTotal is an integrated analysis tool that can automatically analyze the traffic of Drive-by Download attacks. The proposed software package can identify four types of Exploit Kits such as...
What is Sagan? Sagan is an open-source (GNU/GPLv2) high-performance, real-time log analysis & correlation engine. It is written in C and uses a multi-threaded architecture to deliver high-performance log &...
CimSweep CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows. CimSweep may also be used...
rVMI rVMI is a debugger on steroids. It leverages Virtual Machine Introspection (VMI) and memory forensics to provide full system analysis. This means that an analyst can inspect userspace processes,...
passivedns A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics. PassiveDNS sniffs traffic from an interface or reads a pcap-file...
PiSavar – Detects the PineAP module and starts a deauthentication attack (for fake access points – WiFi Pineapple Activities Detection) About Project The goal of this project is to find out the...
Invoke-LiveResponse The current scope of Invoke-LiveResponse is a live response tool for targeted collection. There are two main modes of use in Invoke-LiveResponse and both are configured by a variety of command...
CSCGuard Protects and logs suspicious and malicious usage of .NET CSC.exe and Runtime C# Compilation Features Able to detect and prevent runtime C# compilation used by malware even when “GenerateInMemory”...
Forensics / Network PenTest / Password Attacks / Reverse Engineering / Sniffing & Spoofing
by do son · Published July 2, 2018 · Last modified November 4, 2024
pythem – Penetration Testing Framework pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. Usage Examples ARP...
evolve – Web interface for the Volatility Memory Forensics Framework Features Works with any Volatility module that provides an SQLite render method (some don’t) Automatically detects plugins – If volatility sees...
Collaborative Research Into Threats (CRITs) is a web-based tool which combines an analytic engine with a cyber threat database that not only serves as a repository for attack data and...