PacketStreamer Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence’s ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals:...
hollows_hunter Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). It is an application based on PE-sieve (a library version), so there is a big overlap...
Linux Evidence Acquisition Framework (LEAF) Linux Evidence Acquisition Framework (LEAF) acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the functionality of the tool for easier scalability. Offering several modules...
DDWPasteRecon Pastesites are websites that allow users to share plain text through public posts called “pastes.” Once attackers compromise the external perimeter and gain access to the internal resources they release the part of...
Telegrip Telegrip is a GUI digital forensic tool that deals with Telegram-related cases. Telegrip provides several features: Telegrip acquires sparse images from Android devices containing the device information and all Telegram-related data. Parses and...
xpid It’s nmap but for pids. xpid gives a user the ability to “investigate” for process details on a Linux system. For example, a sleeping thread will have a directory /proc/[pid] that can be navigated to,...
Lupo — Malware IOC Extractor Debugging module for Malware Analysis Automation Introduction Working on security incidents that involve malware, we come across situations on a regular basis where we feel the need to automate...
ecapture capture SSL/TLS text content without CA cert by eBPF. eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used...
Nightingale Nightingale is an enterprise-level cloud-native monitoring system, which can be used as a drop-in replacement for Prometheus for alerting and management. Nightingale is a cloud-native monitoring system by All-In-On design, that supports enterprise-class...
Scirius Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules file and update associated files. Scirius CE is developed by Stamus Networks and is available under the GNU...
misp-wireshark misp-wireshark is a Lua plugin intended to help analysts extract data from Wireshark and convert it into the MISP Core format. Installation On Linux, clone the repository in Wireshark’s plugin location folder mkdir...
ma2tl (mac_apt to timeline) This is a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt. Install Requirements Python 3.7.0 or later pytz tzlocal xlsxwriter Download git clone https://github.com/mnrkbys/ma2tl.git...
Grafiki Grafiki is a Django project about Sysmon and graphs, for the time being. In my opinion EventViewer, Elastic, and even Kibana, are not graphic enough. The current threats are complicated and if attackers...
Rip Raw Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system Logs from memory dumps...
hcltm Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file to more in-depth word documents, to fully instrumented threat models...
Secure Your Connection
