MemScrimper is a a novel methodology to compress memory dumps of malware sandboxes. MemScrimper is built on the observation that sandboxes always start at the same system state (i.e., a sandbox snapshot) to analyze...
MalwLess Simulation Tool (MST) MalwLess is an open source tool that allows you to simulate system compromise or attack behaviors without running processes or PoCs. The tool is designed to test Blue Team detections and...
Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r (pronounced “rastreador” – hunter- in Spanish) is a multi-platform open source tool that allows incident responders and SOC...
HoneypotBuster Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host. CodeExecution Execute code on a target machine using Import-Module. Invoke-HoneypotBuster...
Forensics / Malware Analysis / Networking
by do son · Published July 29, 2018 · Last modified May 1, 2024
EKTotal EKTotal is an integrated analysis tool that can automatically analyze the traffic of Drive-by Download attacks. The proposed software package can identify four types of Exploit Kits such as RIG and Magnitude, and...
IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed...
What is Sagan? Sagan is an open-source (GNU/GPLv2) high-performance, real-time log analysis & correlation engine. It is written in C and uses a multi-threaded architecture to deliver high-performance log & event analysis. The Sagan...
CimSweep CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows. CimSweep may also be used to engage in offensive...
rVMI rVMI is a debugger on steroids. It leverages Virtual Machine Introspection (VMI) and memory forensics to provide full system analysis. This means that an analyst can inspect userspace processes, kernel drivers, and pre-boot...
passivedns A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics. PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs the DNS-server...
PiSavar – Detects PineAP module and starts deauthentication attack (for fake access points – WiFi Pineapple Activities Detection) About Project The goal of this project is to find out the fake access points opened...
Invoke-LiveResponse The current scope of Invoke-LiveResponse is a live response tool for targeted collection. There are two main modes of use in Invoke-LiveResponse and both are configured by a variety of command line switches. ForensicCopy Reflectively...
CSCGuard Protects and logs suspicious and malicious usage of .NET CSC.exe and Runtime C# Compilation Features Able to detect and prevent runtime C# compilation used by malware even when “GenerateInMemory” is used Limited Heuristic...
Forensics / Network PenTest / Password Attacks / Reverse Engineering / Sniffing & Spoofing
by do son · Published July 2, 2018
pythem – Penetration Testing Framework pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. Usage Examples ARP spoofing – Man-in-the-middle. ARP+DNS...
evolve – Web interface for the Volatility Memory Forensics Framework Features Works with any Volatility module that provides an SQLite render method (some don’t) Automatically detects plugins – If volatility sees the plugin, so will...
Secure Your Connection
