The WinPmem memory acquisition driver and userspace WinPmem has been the default open-source memory acquisition driver for windows for a long time. It used to live in the Rekall project but has recently been...
cyberbro This project aims to provide a simple and efficient way to check the reputation of your observables using multiple services, without having to deploy a complex solution. Features Effortless Input Handling: Paste raw logs, IoCs,...
ClientInspector Are you in control? – or are some of your core infrastructure processes like patching, antivirus, and bitlocker enablement drifting? Or would you like to do advanced inventory, where you can look up your warranty state against...
T3SF – Technical Tabletop Exercises Simulation Framework T3SF is a framework that offers a modular structure for the orchestration of events based on a master scenario events list (MSEL) together with a set of...
AttackGen AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat...
AuthLogParser AuthLogParser is a powerful Digital Forensics and Incident Response tool designed specifically for analyzing Linux authentication logs, commonly known as auth.log. This tool serves as an invaluable asset for Incident Responders, streamlining the...
VolWeb VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework. It is dedicated to aiding in investigations and incident responses. Objective The goal of VolWeb...
DroneXtract DroneXtract is a comprehensive digital forensics suite for DJI drones made with Golang. It can be used to analyze drone sensor values and telemetry data, visualize drone flight maps, audit for criminal activity,...
MDE Kit MDE Kit’s objective is to help automate and empower your investigation, detection, prevention, and response capabilities leveraging the MDE API. MDE Kit leverages many of the available Microsoft Defender for Endpoint (MDE)...
HASH (HTTP Agnostic Software Honeypot) HASH is a framework for creating and launching low interactive honeypots. Why HASH? The main philosophy of HASH is to be easy to configure and flexible to mimic any...
ChopChopGo ChopChopGo inspired by Chainsaw utilizes Sigma rules for forensics artifact recovery, enabling rapid and comprehensive analysis of logs and other artifacts to identify potential security incidents and threats on Linux. Features 🎯 Hunt...
Forensic Tools forensictools is a toolkit designed for digital forensics, offering a wide array of tools. Its primary goal is to simplify the creation of a virtual environment for conducting forensic examinations. In addition to...
APT-Hunter APT-Hunter is a Threat Hunting tool for windows event logs which made by the purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the...
OSTE-Web-Log-Analyzer Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying and detecting various types of cyber attacks within your...
MemProcFS Analyzer MemProcFS-Analyzer.ps1 is a PowerShell script utilized to simplify the usage of MemProcFS and to assist with the analysis workflow. Features: Auto-Install of MemProcFS, EvtxECmd, Elasticsearch, Kibana Auto-Update of MemProcFS, EvtxECmd (incl. Maps),...
Hayabusa Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan. Hayabusa means “peregrine falcon” in Japanese and was chosen as peregrine falcons are the fastest animal in the...
