Sandbox Scryer The Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output. The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting...
Collect-MemoryDump Collect-MemoryDump – Automated Creation of Windows Memory Snapshots for DFIR Collect-MemoryDump.ps1 is a PowerShell script utilized to collect a Memory Snapshot from a live Windows system (in a forensically sound manner). Features: Checks...
Prefetch Hash Cracker During the forensic analysis of a Windows machine, you may find the name of a deleted prefetch file. While its content may not be recoverable, the filename itself is often enough...
Ox4Shell Deobfuscate Log4Shell payloads with ease. Since the release of the Log4Shell vulnerability (CVE-2021-44228), many tools were created to obfuscate Log4Shell payloads, making the lives of security engineers a nightmare. This tool intends to...
Dismember Dismember is a command-line toolkit for Linux that can be used to scan the memory of all processes (or particular ones) for common secrets and custom regular expressions, among other things. It will...
shomon ShoMon is a Shodan alert feeder for TheHive written in GoLang. With version 2.0, it is more powerful than ever! Functionalities Can be used as Webhook OR Stream listener Webhook listener opens a...
systeminformer A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. Features A detailed overview of system activity with...
RPCMon A GUI tool for scanning RPC communication through Event Tracing for Windows (ETW). The tool was published as part of research on RPC communication between the host and a Windows container. Overview RPCMon...
PersistenceSniper PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders, and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery. The...
Linux Audit – Usable, Robust, Easy Logging LAUREL is an event post-processing plugin for auditd(8) to improve its usability in modern security monitoring setups. Logs produced by the Linux Audit subsystem and auditd(8) contain information that can...
dumpscan Dumpscan is a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is provided by volatility3. Features x509 Public and Private key (PKCS #8/PKCS #1) parsing SymCrypt parsing Supported...
Microsoft 365 Extractor Suite This suite of scripts contains two different scripts that can be used to acquire the Microsoft 365 Unified Audit Log Read the accompanying blog post here. Microsoft365_Extractor, the original script...
Sealighter – Easy ETW Tracing for Security Research Sealighter leverages the feature-rich Krabs ETW Library to enable detailed filtering and triage of ETW and WPP Providers and Events. You can subscribe and filter multiple providers, including...
Hunt-Sleeping-Beacons The idea of this project is to identify beacons which are unpacked at runtime or running in the context of another process. To do so, I make use of the observation that beacons...
goreplay GoReplay is an open-source network monitoring tool which can record your live traffic and use it for shadowing, load testing, monitoring, and detailed analysis. As your application grows, the effort required to test...
Secure Your Connection
