Live Forensicator Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering...
Catalyst Catalyst is an incident response platform or SOAR (Security Orchestration, Automation and Response) system. It can help you to automate your alert handling and incident response procedures. Features Ticket (Alert & Incident) Management...
factual-rules-generator Factual-rules-generator is an open-source project which aims to generate YARA rules about installed software from a running operating system. The goal of the software is to be able to use a set of rules...
epagneul – visualize and investigate windows event logs Changelog v0.4 Added Observable: windows groups Relationships: TGT_DES_REQUEST, TGT_AES_REQUEST, TGT_RC4_REQUEST Users ranking Changed Better management of Relationships and Observables Edges labels are now more generic (instead...
S1EM – a SIEM with SIRP and Threat Intel, all in one Today, cyber-attacks are more numerous and cause damage to companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution...
Fennec fennec is an artifact collection tool written in Rust to be used during an incident response on *nix based systems. fennec allows you to write a configuration file that contains how to collect...
AWS CloudSaga – Simulate security events in AWS AWS CloudSaga is for customers to test security controls and alerts within their Amazon Web Services (AWS) environment, using generated alerts based on security events seen...
Aurora Incident Response Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders. Aurora brings “Spreadsheet of Doom” used in the SANS FOR508 class to the next level. Having led many cases...
FastFinder – Incident Response – Fast suspicious file finder FastFinder is a lightweight tool made for threat hunting, live forensics, and triage on both Windows and Linux Platforms. It is focused on endpoint enumeration and...
Zircolite Zircolite is a standalone tool written in Python 3. It allows to use SIGMA rules on MS Windows EVTX (EVTX and JSON format) Zircolite can be used directly on the investigated endpoint (use releases) or...
WELA (Windows Event Log Analyzer) Yamato Security’s WELA(Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA’s greatest functionality is creating an easy-to-analyze logon timeline in order...
Winshark Wireshark plugin to work with Event Tracing for Windows Microsoft Message Analyzer is being retired and its download packages were removed from microsoft.com sites on November 25, 2019. Wireshark has built a huge library...
Incident Response Collection Protocol (IRCP) A series of PowerShell scripts to automate artifact collection & assist Responders triaging endpoints in lab-based & onsite environments. IRCP Features IRCP supports E01, VMDK, VHD, VHDX images &...
Rogue Assembly Hunter Rogue Assembly Hunter is a utility for discovering ‘interesting’ .NET CLR modules in running processes. Background .NET is a very powerful and capable development platform and runtime framework for building and...
RansomWatch RansomWatch is a ransomware leak site monitoring tool. It will scrape all of the entries on various ransomware leak sites, store the data in an SQLite database, and send notifications via Slack or...
Secure Your Connection
