T-Pot – The All In One Honeypot Platform T-Pot is based on the Debian (Stable) network installer. The honeypot daemons as well as other support components are dockered. This allows T-Pot to run multiple honeypot...
CSIRT-Collect A PowerShell script to collect memory and (triage) disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload...
honeypots 30 low-high level honeypots in a single PyPI package for monitoring network traffic, bots activities, and username \ password credentials. The honeypots respond back, non-blocking, can be used as objects, or called directly...
IPED Digital Forensic Tool IPED is open-source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners....
DFIR-O365RC The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and...
Suzaku is a threat hunting and fast forensics timeline generator for cloud logs. (Imagine Hayabusa but for cloud logs instead of Windows event logs.) It is currently under active development with basic native sigma detection support for AWS...
PSGumshoe PSGumshoe is a Windows PowerShell module for the collection of OS and domain artifacts for the purposes of performing live response, hunt, and forensics. The module focuses on being as forensically sound as...
HAWK What Hawk is and isn’t Hawk provides a Limited analysis of the gathered data. This is by design! Hawk is here to help get all of the data in a single place it...
AutoTimeliner Automagically extract forensic timeline from volatile memory dumps. How it works AutoTimeline automates this workflow: Identify the correct volatility profile for the memory image. Runs the timeliner plugin against volatile memory dump using volatility. Runs the mftparser volatility...
STRIDE GPT STRIDE GPT is an AI-powered threat modeling tool that leverages OpenAI’s GPT models to generate threat models and attack trees for a given application based on the STRIDE methodology. Users provide application...
SRUM-DUMP2 SRUM Dump extracts information from the System Resource Utilization Management Database and creates an Excel spreadsheet. The SRUM is one of the best sources for applications that have run on your system in...
Introduction “Forensic Image Analysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with...
HFish It is a cross-platform honeypot platform developed based on golang, which has been meticulously built for enterprise security Multi-function: Not just support HTTP(S) Pot,It also supports SSH、SFTP、Redis、Mysql、FTP、Telnet、Deep etc. Expansibility: Provide API Interface,Users can expand honeypot module at...
The WinPmem memory acquisition driver and userspace WinPmem has been the default open-source memory acquisition driver for windows for a long time. It used to live in the Rekall project but has recently been...
cyberbro This project aims to provide a simple and efficient way to check the reputation of your observables using multiple services, without having to deploy a complex solution. Features Effortless Input Handling: Paste raw logs, IoCs,...
ClientInspector Are you in control? – or are some of your core infrastructure processes like patching, antivirus, and bitlocker enablement drifting? Or would you like to do advanced inventory, where you can look up your warranty state against...
