Forensic Tools forensictools is a toolkit designed for digital forensics, offering a wide array of tools. Its primary goal is to simplify the creation of a virtual environment for conducting forensic examinations. In addition to...
APT-Hunter APT-Hunter is a Threat Hunting tool for windows event logs which made by the purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the...
OSTE-Web-Log-Analyzer Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying and detecting various types of cyber attacks within your...
MemProcFS Analyzer MemProcFS-Analyzer.ps1 is a PowerShell script utilized to simplify the usage of MemProcFS and to assist with the analysis workflow. Features: Auto-Install of MemProcFS, EvtxECmd, Elasticsearch, Kibana Auto-Update of MemProcFS, EvtxECmd (incl. Maps),...
Hayabusa Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan. Hayabusa means “peregrine falcon” in Japanese and was chosen as peregrine falcons are the fastest animal in the...
VelLMes-AI-Honeypot The VelLMes read as (Vel-L-M-es, from Slavic deity Veles and LLMs) creates interactive, dynamic, and realistic honeypots through the use of Large Language Models (LLMs). The VelLMes tool was created from a research project to show the...
MSTIC Jupyter and Python Security Tools Microsoft Threat Intelligence Python Security Tools. The msticpy package was initially developed to support Jupyter Notebooks authoring for Azure Sentinel. Many of the included tools can be used in other security scenarios for...
ecapture capture SSL/TLS text content without CA cert by eBPF. eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used...
Grove Grove is a Software as a Service (SaaS) log collection framework, designed to support the collection of logs from services which do not natively support log streaming. Grove enables teams to collect security-related...
diskover diskover is an open-source file system indexer that uses Elasticsearch to index and manage data across heterogeneous storage systems. Using diskover, you are able to more effectively search and organize files, and system...
Volatility 3: The volatile memory extraction framework Volatility is the world’s most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system...
Velociraptor – Endpoint visibility and collection tool. Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic, and cyber response platform. It was originally developed by DFIR professionals who needed a powerful and efficient...
ActivityWatch The goal of ActivityWatch is simple: Enable the collection of as many valuable lifedata as possible without compromising user privacy. What ActivityWatch is A set of watchers that record relevant information about what you...
Slhasher – Bulk VirusTotal Hash Lookups Slhasher is a collaborative tool designed to perform bulk SHA256 hash lookups through a graphical user interface. It integrates with VirusTotal to fetch hash metadata and supports exporting...
Extract VMK of BitLocker volume with TPMAndPIN protector and knowing PIN Technic to extract VMK from the bitlocker volume that TPM protects are already documented in different publications. This GitHub repo gives a toolset...
scared scared is a library that aims to provide tools to achieve side-channel analysis. It provides pretty high-level APIs, and ready-to-use tools to quickly run classic CPA, DPA, … leakage, and reverse analysis. It...
