lupo: Malware IOC Extractor
Lupo — Malware IOC Extractor Debugging module for Malware Analysis Automation Introduction Working on security incidents that involve malware, we come across situations on a regular basis where we feel...
Scirius Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules file and update associated files. Scirius CE is developed by Stamus Networks and is...
misp-wireshark misp-wireshark is a Lua plugin intended to help analysts extract data from Wireshark and convert it into the MISP Core format. Installation On Linux, clone the repository in Wireshark’s...
ma2tl (mac_apt to timeline) This is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt. Install Requirements Python 3.7.0 or later pytz tzlocal xlsxwriter...
Grafiki Grafiki is a Django project about Sysmon and graphs, for the time being. In my opinion EventViewer, Elastic, and even Kibana, are not graphic enough. The current threats are...
Rip Raw Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system...
hcltm Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file to more in-depth word documents, to...
Live Forensicator Live Forensicator is part of the Black Widow Toolbox. Its aim is to assist forensic investigators and incident responders in carrying out a quick live forensic investigation. It...
factual-rules-generator Factual-rules-generator is an open-source project which aims to generate YARA rules about installed software from a running operating system. The goal of the software is to be able to use...
epagneul – visualize and investigate windows event logs Changelog v0.4 Added Observable: windows groups Relationships: TGT_DES_REQUEST, TGT_AES_REQUEST, TGT_RC4_REQUEST Users ranking Changed Better management of Relationships and Observables Edges labels are...
S1EM – a SIEM with SIRP and Threat Intel, all in one Today, cyber-attacks are more numerous and cause damage to companies. Nevertheless, many software products exist to detect cyber...
Fennec fennec is an artifact collection tool written in Rust to be used during an incident response on *nix based systems. fennec allows you to write a configuration file that...
AWS CloudSaga – Simulate security events in AWS AWS CloudSaga is for customers to test security controls and alerts within their Amazon Web Services (AWS) environment, using generated alerts based...
Aurora Incident Response Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders. Aurora brings “Spreadsheet of Doom” used in the SANS FOR508 class to the next level....
FastFinder – Incident Response – Fast suspicious file finder FastFinder is a lightweight tool made for threat hunting, live forensics, and triage on both Windows and Linux Platforms. It is focused...