DNS Diagnostics and Performance Measurement Tools Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is...
chainsaw – Rapidly Search and Hunt through Windows Event Logs Chainsaw provides a powerful “first-response” capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through...
Tracee – Container, and system tracing using eBPF Tracee is a lightweight and easy-to-use container and system tracing tool. It allows you to observe system calls and other system events in real-time. A unique...
OWASP O-Saft OWASP SSL advanced forensic tool / OWASP SSL audit for testers O-Saft is easy to use tool to show information about SSL certificate and tests the SSL connection according to given list...
What is Batfish? Batfish is a network validation tool that provides correctness guarantees for security, reliability, and compliance by analyzing the configuration of network devices. It builds complete models of network behavior from device...
Gitxray Gitxray (short for Git X-Ray) is a multifaceted security tool designed for use on GitHub repositories. It can serve many purposes, including OSINT and Forensics. gitxray leverages public GitHub REST APIs to gather information that...
Catalyst Catalyst is an incident response platform or SOAR (Security Orchestration, Automation, and Response) system. It can help you to automate your alert handling and incident response procedures. Features Ticket (Alert & Incident) Management...
logdata-anomaly-miner This tool parses log data and allows to definition of analysis pipelines for anomaly detection. It was designed to run the analysis with limited resources and the lowest possible permissions to make it...
Grimoire Grimoire is a “REPL for detection engineering” that allows you to generate datasets of cloud audit logs for common attack techniques. It currently supports AWS. How it works First, Grimoire detonates an attack....
DFIR Toolkit CLI tools for forensic investigation of Windows artifacts Overview of timelining tools Install cargo install dfir-toolkit Tool cleanhive merges logfiles into a hive file xx evtx2bodyfile Example evtxanalyze Analyze evtx...
dissect Dissect is a digital forensics and incident response framework and toolset developed by Fox-IT (part of NCC Group). It allows you to quickly access and analyze forensic artifacts from various disk and file formats....
Real Intelligence Threat Analytics Real Intelligence Threat Analytics (RITA) is an open-source framework for network traffic analysis. The framework ingests Bro Logs, and currently supports the following analysis features: Beaconing Detection: Search for signs of...
Arkime Arkime is an open-source, large-scale, full packet capturing, indexing, and a database system. Arkime augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access....
Mobile Verification Toolkit Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. It...
Falco Falco is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined via customizable rules from various sources, including the...
Odinova Digital Tiger: Overview Odinova Digital Tiger is an advanced application designed for Open-Source Intelligence (OSINT), equipped with versatile tools and a user-friendly interface to streamline investigative workflows and enhance data analysis capabilities. Documenter:...
Network Defense / Vulnerability Assessment
checksec: check the properties of executables
December 18, 2024
Vulnerability Assessment / Web AppSec
CloudSploit: Cloud Security Posture Management
December 19, 2024