Recruit-CSIRT / LinuxTriage

Related projects ⓘ

Alternatives and complementary repositories for LinuxTriage

• CyberDefenseInstitute / CDIR-A
  CDIR Analyzer - parsers for data collected by CDIR Collector
  ☆18Updated last year
• Recruit-CSIRT / macOSTriageTool
  A DFIR tool to collect artifacts on macOS
  ☆53Updated 4 years ago
• Recruit-CSIRT / MacRipper
  A DFIR tool to analyze artifacts on macOS
  ☆31Updated 3 years ago
• Yamato-Security / RustyBlue
  RustyBlue is a rust implementation of DeepblueCLI, a forensics log analyzer for finding evidence of compromise from windows event logs.
  ☆68Updated 2 years ago
• MISP / PyMISPWarningLists
  Pythonic way to work with the warning lists defined there: https://github.com/MISP/misp-warninglists
  ☆31Updated this week
• Recruit-CSIRT / odoriba
  Malware Dynamic Analysis Platform enhanced Cuckoo Sandbox
  ☆24Updated 6 years ago
• zerber0s / mac_int
  macOS Artifact Intelligence Tool
  ☆13Updated 5 years ago
• zerofox-oss / phishpond
  Because phishtank was taken.. explore phishing kits in a contained environment!
  ☆43Updated 2 years ago
• CIRCL / yara-validator
  Validates yara rules and tries to repair the broken ones.
  ☆39Updated 4 years ago
• 4n6ist / bulk_extractor-rec
  It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving
  ☆37Updated 4 years ago
• ANSSI-FR / bits_parser
  Extract BITS jobs from QMGR queue and store them as CSV records
  ☆74Updated 4 months ago
• deadbits / yara-rules
  Collection of YARA signatures from individual research
  ☆42Updated last year
• haxrob / CVE-2019-19781
  DFIR notes for Citrix ADC (NetScaler) appliances vulnerable to CVE-2019-19781
  ☆45Updated 4 years ago
• swisscom / PowerGRR
  PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
  ☆56Updated 2 years ago
• ExabeamLabs / Synopsis
  Synopsis is a tool to aid analysts reviewing browser history files by providing a high-level “synopsis” of key information.
  ☆20Updated 6 years ago
• 3c7 / infrastructure-tracking-schema
  ☆24Updated 2 years ago
• airbus-cert / timeliner
  A rewrite of mactime, a bodyfile reader
  ☆36Updated 3 months ago
• pstirparo / utils
  Different DFIR and CTI utilities
  ☆36Updated 4 years ago
• certsocietegenerale / fame_modules
  Community modules for FAME
  ☆64Updated this week
• jshlbrd / threat-hunting-pocket-guide
  pocket guide for core threat hunting concepts
  ☆23Updated 4 years ago
• DissectMalware / base64_substring
  Generate a Yara rule to find base64-encoded files containg a specific keyword
  ☆40Updated 6 years ago
• chaoticmachinery / mass_triage_tools
  Mass Triage Tools
  ☆20Updated 4 months ago
• BreakingMalwareResearch / YetiToElastic
  YETI (Your Everyday Threat Intelligence) Integration to Elastic Stack
  ☆15Updated 3 years ago
• AndrewRathbun / EventTranscript.db-Research
  A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
  ☆39Updated 2 years ago
• Velocidex / evtx-data
  Publicly shareable windows event log message data
  ☆27Updated 4 years ago
• Yara-Rules / yara-endpoint
  Yara-Endpoint is a tool useful for incident response as well as anti-malware enpoint base on Yara signatures.
  ☆104Updated 6 years ago
• 00010111 / smbtimeline
  ☆31Updated last month