QLOG: Windows Security Logging
What is Qlog QLOG provides enriched Event Logging for security-related events on Windows-based systems. It is under heavy development and currently in alpha state. QLOG doesn’t use API hooks and...
Category: Forensics
h0neytr4p: configure Honeypot for Blue Team
h0neytr4p Honeytrap (a.k.a h0neytr4p) is easy to configure, deploy honeypot for protecting against web recon and exploiting. How does it work? Blue teams can create a trap for each vulnerability...
packetsifter: perform batch processing of PCAP data to uncover potential IOCs
What is PacketSifter? PacketSifter is a tool to perform batch processing of PCAP data to uncover potential IOCs. Simply initialize PacketSifter with your desired integrations (VirusTotal, AbuseIPDB) and pass PacketSifter...
CobaltStrikeParser: Python parser for CobaltStrike Beacon’s configuration
CobaltStrikeParser Python parser for CobaltStrike Beacon’s configuration Description Use parse_beacon_config.py for stageless beacons, memory dumps, or C2 urls with Metasploit compatibility mode (default true). Many stageless beacons are PEs where the...
REW-sploit v0.5.1 releases: Dissecting Metasploit Attacks
REW-sploit Need help in analyzing Windows shellcode or attack coming from Metasploit Framework or Cobalt Strike (or maybe also other malicious or obfuscated code)? Do you need to automate tasks with simple scripting?...
dns monster v0.9.9 releases: Passive DNS Capture/Monitoring Framework
DNS Monster Passive DNS collection and monitoring built with Golang, Clickhouse, and Grafana: dnsmonster implements a packet sniffer for DNS traffic. It can accept traffic from a pcap file, a live...
TwiTi: tool for extracting IOCs from tweets
TwiTi TwiTi, a tool for extracting IOCs from tweets, can collect a large number of fresh, accurate IOCs. TwiTi does classifying whether a tweet contains IOCs or not. extracting IOCs...
xwf-yara-scanner: use of YARA within X-Ways natively
xwf-yara-scanner This X-Ways Forensics X-Tension allows the use of YARA within X-Ways natively. It uses both the X-Ways Forensics API and the YARA API to achieve this. Note: This is an open-source project, not a formal CrowdStrike product. There...
CyberPipe v5.0 releases: collect memory and disk forensics
CSIRT-Collect A PowerShell script to collect memory and (triage) disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required...
tsharkVM: tshark + ELK analytics virtual machine
tshark ELK VM appliance tshark can be used in this way as a monitoring probe to push the data into Elasticsearch cluster which enables: Indexing of the selected protocol data...
mailMeta: forensics tool to help aid in the investigation of spoofed emails
mailMeta What is mailMeta? mailMeta is a python based forensic tool which reads through the email headers from the email file and extracts crucial information to identify if the email is...
tpotce v22.04.0 releases: The All In One Honeypot Platform
T-Pot – The All In One Honeypot Platform T-Pot is based on the Debian (Stable) network installer. The honeypot daemons as well as other support components are dockered. This allows T-Pot...
FRIDA-DEXDump v2.0.1 releases: Fast search and dump dex on memory
FRIDA-DEXDump Fast search and dump dex on memory Features support fuzzy search broken header dex. fix struct data of dex-header. compatible with all android versions (Frida supported). support loading as...
HoneyCreds: detect responder and other network poisoners
HoneyCreds HoneyCreds network credential injection to detect responder and other network prisoners. Install git clone https://github.com/Ben0xA/HoneyCreds.git cd HoneyCreds pip3 install -r requirements.txt Settings It is advised that you change...
Memprocfs Hunter: memory forensic wrapper
Memprocfs Hunter This script is a memory forensic wrapper to MemProcFS for memory speed analysis. It includes several hunting modules and ELK import with pre-built hunting dashboards. It has cool...
