xpid v1.3.2 releases: Linux Process Discovery
xpid It’s nmap but for pids. xpid gives a user the ability to “investigate” for process details on a Linux system. For example, a sleeping thread will have a directory /proc/[pid] that...
Lupo — Malware IOC Extractor Debugging module for Malware Analysis Automation Introduction Working on security incidents that involve malware, we come across situations on a regular basis where we feel...
ecapture captures SSL/TLS plaintext content without a CA cert, using eBPF. eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system...
Scirius Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules file and update associated files. Scirius CE is developed by Stamus Networks and is...
misp-wireshark misp-wireshark is a Lua plugin intended to help analysts extract data from Wireshark and convert it into the MISP Core format. Installation On Linux, clone the repository in Wireshark’s...
ma2tl (mac_apt to timeline) This is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt. Install Requirements Python 3.7.0 or later pytz tzlocal xlsxwriter...
Grafiki Grafiki is a Django project about Sysmon and graphs, for the time being. In my opinion EventViewer, Elastic, and even Kibana, are not graphic enough. The current threats are...
Rip Raw Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system...
hcltm Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file to more in-depth word documents, to...
Live Forensicator is part of the Black Widow Toolbox; its aim is to assist forensic investigators and incident responders in carrying out a quick live forensic investigation. It...
factual-rules-generator Factual-rules-generator is an open-source project which aims to generate YARA rules about installed software from a running operating system. The goal of the software is to be able to use...
epagneul – visualize and investigate Windows event logs Changelog v0.4 Added Observable: windows groups Relationships: TGT_DES_REQUEST, TGT_AES_REQUEST, TGT_RC4_REQUEST Users ranking Changed Better management of Relationships and Observables Edges labels are...
S1EM – a SIEM with SIRP and Threat Intel, all in one Today, cyber-attacks are more numerous and cause damage to companies. Nevertheless, many software products exist to detect cyber...
Fennec fennec is an artifact collection tool written in Rust, intended for use during incident response on *nix-based systems. fennec allows you to write a configuration file that...
AWS CloudSaga – Simulate security events in AWS AWS CloudSaga is for customers to test security controls and alerts within their Amazon Web Services (AWS) environment, using generated alerts based...