Microsoft Section52 ICS Forensics Tools Microsoft Section52 Industrial Control Systems Forensics Tools is an open source forensic toolkit for analyzing Industrial PLC metadata and project files. Microsoft Section52 ICS Forensics Tools enables investigators to...
kubeshark Kubeshark is an API Traffic Analyzer for Kubernetes providing real-time, protocol-level visibility into Kubernetes’ internal network, capturing and monitoring all traffic and payloads going in, out, and across containers, pods, nodes, and clusters. Think TCPDump and Wireshark re-invented for...
C2-Hunter C2-Hunter is a program designed for malware analysts to extract Command and Control (C2) traffic from malwares in real time. The program uses a unique approach by hooking into win32 connections APIs. With...
Linux Security and Monitoring Scripts These are a collection of security and monitoring scripts you can use to monitor your Linux installation for security-related events or for an investigation. Each script works on its...
Gold Digger Search files for gold Gold Digger is a simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files obtained during a penetration...
SOC Multi-tool Introducing SOC Multi-tool, a free and open-source browser extension that makes investigations faster and more efficient. Now available on the Chrome Web Store and compatible with all Chromium-based browsers such as Microsoft...
yaraQA YARA rule Analyzer to improve rule quality and performance Why? YARA rules can be syntactically correct but still dysfunctional. yaraQA tries to find and report these issues to the author or maintainer of...
CMLoot CMLoot was created to easily find interesting files stored on System Center Configuration Manager (SCCM/CM) SMB shares. The shares are used for distributing software to Windows clients in Windows enterprise environments and can...
reportly Reportly is an AzureAD user activity report tool. This is a tool that will help blue teams during a cloud incident. When running the tool, the researcher will enter as input a suspicious...
Indicator-of-Compromise (IOC) Matching IOC matching for incident responders, threat hunters, detection engineers, and security engineers. Use Cases Schema-agnostic IOC matching scan: During an incident response (IR) engagement, an analyst or incident responder might want...
FarsightAD FarsightAD is a PowerShell script that aims to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory domain compromise. The script produces CSV / JSON file exports of...
Lateral movement analyzer tool Lateral movement analyzer (LATMA) collects authentication logs from the domain and searches for potential lateral movement attacks and suspicious activity. The tool visualizes the findings with diagrams depicting the lateral...
Get-AppLockerEventlog This script will parse all the channels of events from the win-event log to extract all the log relatives to AppLocker. The script will gather all the important pieces of information relative to...
Aftermath Aftermath is a Swift-based, open-source incident response framework. Aftermath can be leveraged by defenders in order to collect and subsequently analyze the data from the compromised host. Aftermath can be deployed from an...
What is Matano? Matano is an open-source security lake platform for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in a data lake, and...
Secure Your Connection
