SOC Multi-tool Introducing SOC Multi-tool, a free and open-source browser extension that makes investigations faster and more efficient. Now available on the Chrome Web Store and compatible with all Chromium-based...
yaraQA YARA rule Analyzer to improve rule quality and performance Why? YARA rules can be syntactically correct but still dysfunctional. yaraQA tries to find and report these issues to the...
CMLoot CMLoot was created to easily find interesting files stored on System Center Configuration Manager (SCCM/CM) SMB shares. The shares are used for distributing software to Windows clients in Windows...
reportly Reportly is an AzureAD user activity report tool. This is a tool that will help blue teams during a cloud incident. When running the tool, the researcher will enter...
Indicator-of-Compromise (IOC) Matching IOC matching for incident responders, threat hunters, detection engineers, and security engineers. Use Cases Schema-agnostic IOC matching scan: During an incident response (IR) engagement, an analyst or...
FarsightAD FarsightAD is a PowerShell script that aims to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory domain compromise. The script produces CSV /...
Lateral movement analyzer tool Lateral movement analyzer (LATMA) collects authentication logs from the domain and searches for potential lateral movement attacks and suspicious activity. The tool visualizes the findings with...
Get-AppLockerEventlog This script will parse all the channels of events from the win-event log to extract all the log relatives to AppLocker. The script will gather all the important pieces...
Aftermath Aftermath is a Swift-based, open-source incident response framework. Aftermath can be leveraged by defenders in order to collect and subsequently analyze the data from the compromised host. Aftermath can...
What is Matano? Matano is an open-source security lake platform for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in...
Sandbox Scryer The Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output. The tool leverages the MITRE ATT&CK Framework to organize...
Collect-MemoryDump Collect-MemoryDump – Automated Creation of Windows Memory Snapshots for DFIR Collect-MemoryDump.ps1 is a PowerShell script utilized to collect a Memory Snapshot from a live Windows system (in a forensically...
Prefetch Hash Cracker During the forensic analysis of a Windows machine, you may find the name of a deleted prefetch file. While its content may not be recoverable, the filename...
Ox4Shell Deobfuscate Log4Shell payloads with ease. Since the release of the Log4Shell vulnerability (CVE-2021-44228), many tools were created to obfuscate Log4Shell payloads, making the lives of security engineers a nightmare....
Dismember Dismember is a command-line toolkit for Linux that can be used to scan the memory of all processes (or particular ones) for common secrets and custom regular expressions, among...
Support Securityonline.info site. Thanks!
