WithSecureLabs / macOSTriageCollectionScript

Related projects: ⓘ

• mandiant / ARDvark
  ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.
  ☆34Updated last year
• bradleyjkemp / sigma-esf
  Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework
  ☆20Updated 3 years ago
• mcarmanize / esfriend
  A minimal malware analysis sandbox for macOS
  ☆26Updated last year
• mac4n6 / FSEventsParser
  Parser fo macOS/iOS FSEvents Logs
  ☆21Updated 4 months ago
• defensivedepth / osquery-filters
  ☆34Updated last year
• Hestat / calamity
  A script to assist in processing forensic RAM captures for malware triage
  ☆27Updated 3 years ago
• ahhh / macOS_profiles
  a collection of profiles for macOS designed for penetration testing or red teaming
  ☆28Updated 5 years ago
• its-a-feature / HealthInspector
  JXA situational awareness helper by simply reading specific files on a filesystem
  ☆66Updated 2 years ago
• zmbf0r3ns1cs / mac_int
  macOS Artifact Intelligence Tool
  ☆13Updated 5 years ago
• chihebchebbi / Azure-Sentinel-Hive-Playbook
  Send High & New Incidents to The Hive incident management Platform
  ☆17Updated 3 years ago
• deeso / fleet-deployment
  ☆15Updated 5 years ago
• swisscom / PowerSponse
  PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
  ☆38Updated 2 years ago
• mandiant / DFUR-Splunk-App
  The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit.
  ☆12Updated 4 years ago
• k3idii / ION
  Indicators of Normality
  ☆12Updated 2 years ago
• ezaspy / elrond
  Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
  ☆29Updated 2 months ago
• AndrewRathbun / Anti-Forensics-VHDX
  A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P…
  ☆25Updated last year
• richiercyrus / Venator-Swift
  Swift Command line tool used for proactive detection of malicious activity on macOS systems.
  ☆68Updated 4 years ago
• jafarspalace / Crowdstrike-Falcon-Scripts
  Powershell Scripts to work on Crowdstrike Falcon that pull back raw data relevant to forensic investigation
  ☆21Updated last month
• WithSecureLabs / FLAIR
  F-Secure Lightweight Acqusition for Incident Response (FLAIR)
  ☆16Updated 3 years ago
• ydkhatri / Appx-Analysis
  Scripts and tools created for appx analysis talk (Magnet summit 2019)
  ☆13Updated 6 months ago
• mnrkbys / ma2tl
  macOS forensic timeline generator using the analysis result DBs of mac_apt
  ☆88Updated last year
• brokensound77 / toruk
  Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data
  ☆13Updated 5 years ago
• antman1p / freyja
  Freyja is a Golang, Purple Team agent that compiles into Windows, Linux and macOS x64 executables.
  ☆42Updated 3 weeks ago
• MythicAgents / typhon
  Payload designed for targeting Jamf enrolled devices.
  ☆35Updated last year
• mdegrazia / Chrome-Parse
  Parse Chrome History and Downloads into TSV or TLN format
  ☆15Updated 8 years ago
• ReconInfoSec / adversary-emulation-map
  Creates an ATT&CK Navigator map of an Adversary Emulation Plan
  ☆16Updated 3 years ago
• rkovar / ransomwarelegality
  Can you pay the ransom in your country?
  ☆13Updated 9 months ago
• mgreen27 / EventLogs
  ☆18Updated this week
• iThreatopedia / iThreatopedia.github.io
  A happy place for detection engineers, purple teamers and threat hunters focusing on macOS.
  ☆20Updated 2 years ago
• woanware / volatility-runner
  volatility-runner is a command line application designed to speed up memory forensics using the volatility framework, primarily for insta…
  ☆11Updated 5 years ago