FSEvents files are written to disk by macOS APIs and contain historical records of file system activity that occurred for a particular volume. They can be found on devices running macOS and devices that...
EveBox EveBox is a web-based Suricata “eve” event viewer for Elastic Search. Features A web-based event viewer with an “Inbox” approach to alert management. Event search. An agent for sending Suricata events to the...
xnumon is a monitoring agent that produces system activity logs intended to be suitable for monitoring potentially large fleets of macOS systems for malware and intrusions. It aims at providing similar capabilities on macOS...
Performance Analysis of Logs (PAL) Tool Ever have a performance problem, but don’t know what performance counters to collect or how to analyze them? The PAL (Performance Analysis of Logs) tool is a powerful...
OWASP SSL advanced forensic tool / OWASP SSL audit for testers O-Saft is easy to use tool to show information about SSL certificate and tests the SSL connection according to given list of ciphers...
Defense / Forensics / Malware Analysis
by do son · Published January 18, 2019 · Last modified October 11, 2021
Altprobe The repository includes Alertflex collector and installation scripts for security sensors (Suricata NIDS, Wazuh HIDS, Falco CRS). Alertflex project is a cybersecurity solution for automation, continuous monitoring, orchestration, threat detection, and response. Alertflex...
mac_apt macOS Artifact Parsing Tool mac_apt is a DFIR tool to process Mac computer full disk images and extract data/metadata useful for forensic investigation. It is a python based framework, which has plugins to...
Project Neto is a Python 3 package conceived to analyze and unravel hidden features of browser plugins and extensions for well-known browsers such as Firefox and Chrome. It automates the process of unzipping the...
Volatility Workbench is a graphical user interface (GUI) for the Volatility tool. Volatility is a command line memory analysis and forensics tool for extracting artefacts from memory dumps. Volatility Workbench is free, open source and...
The Netcap (NETwork CAPture) framework efficiently converts a stream of network packets into highly accessible type-safe structured data that represent specific protocols or custom abstractions. These audit records can be stored on a disk or...
Objective This tool can help pentesters to quickly dump all credz from known location, such as .bash_history, config files, wordpress credentials, and so on… This is not a hacking tool, just a collection of...
Strelka Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response. Based on the design established by Lockheed Martin’s Laika BOSS and similar projects (see: related projects), Strelka’s purpose is to...
Remote-Desktop-Caching- This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow Red Team member to extract juicy information such as LAPS passwords...
Defense / Forensics / Networking
by do son · Published December 22, 2018 · Last modified November 2, 2023
ntopng ntopng is the next-generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and...
SysmonSearch SysmonSearch makes event log analysis more effective and less time to consume, by aggregating event logs generated by Microsoft’s Sysmon. System Overview SysmonSearch uses Elasticserach and Kibana (and Kibana plugin). Elasticserach Elasticsearch...
