dfir-dd/dfir-toolkit
CLI tools for forensic investigation of Windows artifacts
Defending
0x4D31/detection-and-response-pipeline: ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗
✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective...
sandflysecurity/sandfly-processdecloak: Sandfly Linux Stealth Rootkit Decloaking Utility
Sandfly Linux Stealth Rootkit Decloaking Utility. Contribute to sandflysecurity/sandfly-processdecloak development by creating an account on GitHub.
GitHub - praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool
GitHub Self-Hosted Runner Enumeration and Attack Tool - GitHub - praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool
The Defender’s Guide to the Windows Registry
It’s dangerous to defend the registry alone! Take this!
GitHub - cugu/awesome-forensics: A curated list of awesome forensic analysis tools and resources
A curated list of awesome forensic analysis tools and resources - GitHub - cugu/awesome-forensics: A curated list of awesome forensic analysis tools and resources
GitHub - last-byte/PersistenceSniper: Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with ❤️ by @last0x00 and @dottor_morte
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with ❤️ by @last0x00 and @dottor_morte - Git...
GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources
A collection of awesome security hardening guides, tools and other resources - GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other reso...
Linux Forensics
Everything related to Linux Forensics
GitHub - scipag/HardeningKitty: HardeningKitty - Checks and hardens your Windows configuration
HardeningKitty - Checks and hardens your Windows configuration - GitHub - scipag/HardeningKitty: HardeningKitty - Checks and hardens your Windows configuration
The Defender’s Guide to Windows Services
It’s dangerous to find malicious services alone! Take this!
GitHub - matanolabs/matano: Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS 🦀
Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS 🦀 - GitHub - matanolabs/mat...
GitHub - TonyPhipps/SIEM: SIEM Tactics, Techiques, and Procedures
SIEM Tactics, Techiques, and Procedures. Contribute to TonyPhipps/SIEM development by creating an account on GitHub.
ONYPHE - Cyber Defense Search Engine
ONYPHE is a Cyber Defense Search Engine for open-source and cyber threat intelligence data collected by crawling various sources available on the Internet or by listening to Internet background noise. ONYPHE does correlate this information with data gathered by performing active Internet scanning for connected devices and also by crawling Web site URLs. It then normalizes information and makes it available via an API and its query language.
Threat Intelligence - Pulsedive
Pulsedive is a free threat intelligence platform. Search, scan, and enrich IPs, URLs, domains and other IOCs from OSINT feeds or submit your own.
GitHub - meirwah/awesome-incident-response: A curated list of tools for incident response
A curated list of tools for incident response. Contribute to meirwah/awesome-incident-response development by creating an account on GitHub.
GitHub - fox-it/dissect: This project is a meta package, it will install all other Dissect modules with the right combination of versions.
This project is a meta package, it will install all other Dissect modules with the right combination of versions. - GitHub - fox-it/dissect: This project is a meta package, it will install all othe...
GitHub - 0xtavian/awesome-attack-surface-monitoring: Curated list of open-source & paid Attack Surface Monitoring (ASM) tools.
Curated list of open-source & paid Attack Surface Monitoring (ASM) tools. - GitHub - 0xtavian/awesome-attack-surface-monitoring: Curated list of open-source & paid Attack Surface Mo...
GitHub - aquasecurity/tracee: Linux Runtime Security and Forensics using eBPF
Linux Runtime Security and Forensics using eBPF. Contribute to aquasecurity/tracee development by creating an account on GitHub.
GitHub - avast/yari: YARI is an interactive debugger for YARA Language.
YARI is an interactive debugger for YARA Language. - GitHub - avast/yari: YARI is an interactive debugger for YARA Language.
GitHub - StrangerealIntel/Orion: A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ...
A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ... - GitHub - StrangerealIntel/Orion: A YARA rules repository continuously up...
Windows System Calls For Hunters
Introduction System calls are the ultimate high-level atomic actions that Malware writers might control. System calls sequences are the defacto ultimate way to divide behaviors between good and bad…
GitHub - google/hashr
Contribute to google/hashr development by creating an account on GitHub.
DFIR triage and Timeline Analysis
During incident response, it is essential to establish a full context around the time of alert or when suspicious activity was identified…
Filesec.io
Caching Out: The Value of Shimcache for Investigators | Mandiant
FireHOL IP Lists | IP Blacklists | IP Reputation Feeds
350+ IP blacklists, IP blocklists and IP Reputation feeds, about Cybercrime, Fraud, Botnets, Μalware, Virus, Abuse, Attacks, Open Proxies, Anonymizers. See their changes and updates, size over time, retention policy, geographic coverage, comparisons and overlaps.
GitHub - arkime/arkime: Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system. - GitHub - arkime/arkime: Arkime (formerly Moloch) is an open source, large scale, ful...
GitHub - orlikoski/CyLR: CyLR - Live Response Collection Tool
CyLR - Live Response Collection Tool. Contribute to orlikoski/CyLR development by creating an account on GitHub.
Enter Mordor 😈: Pre-recorded Security Events from Simulated Adversarial Techniques 🛡
It is Monday and you want to start your week by learning about a new adversarial technique and build detections around it. What is the…