Rip Raw is a small tool to analyse the memory of compromised Linux systems.
☆134 · Jan 31, 2022 · updated 4 years ago
Alternatives and similar repositories for rip_raw
Users that are interested in rip_raw are comparing it to the libraries listed below
- macOS Artifact Intelligence Tool (☆13 · Apr 30, 2019 · updated 6 years ago)
- (no description) (☆24 · Mar 12, 2025 · updated 11 months ago)
- Scripts to integrate DFIR-IRIS, MISP and TimeSketch (☆35 · Feb 2, 2022 · updated 4 years ago)
- A python script developed to process Windows memory images based on triage type. (☆266 · Nov 25, 2023 · updated 2 years ago)
- A project created with an aim to emulate and test exfiltration of data over different network protocols. (☆31 · Mar 21, 2023 · updated 2 years ago)
- (no description) (☆41 · Apr 5, 2025 · updated 10 months ago)
- Automatically spider the result set of a Censys/Shodan search and download all files where the file name or folder path matches a regex. (☆28 · Apr 22, 2023 · updated 2 years ago)
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par… (☆253 · Nov 18, 2024 · updated last year)
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm. (☆208 · Jul 21, 2022 · updated 3 years ago)
- PowerShell module for Office 365 and Azure log collection (☆279 · Sep 22, 2025 · updated 5 months ago)
- IOCPARSER.COM is a Fast and Reliable service that enables you to extract IOCs and intelligence from different data sources. (☆36 · Jan 20, 2022 · updated 4 years ago)
- A framework for orchestrating forensic collection, processing and data export (☆343 · Feb 18, 2026 · updated last week)
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. (☆36 · Jul 11, 2023 · updated 2 years ago)
- Simulates a compromise in a cloud and container environment (☆34 · Dec 18, 2024 · updated last year)
- Fun tools around the EBS Direct API (☆19 · Apr 16, 2021 · updated 4 years ago)
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs (☆785 · Feb 22, 2026 · updated last week)
- Stand-alone parser for User Access Logging from Server 2012 and newer systems (☆78 · Jan 9, 2024 · updated 2 years ago)
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine. (☆75 · Jan 18, 2022 · updated 4 years ago)
- HazProne is a Cloud Pentesting Framework that emulates close to Real-World Scenarios by deploying Vulnerable-By-Demand AWS resources enab… (☆40 · Jul 15, 2022 · updated 3 years ago)
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations" (☆11 · Feb 6, 2025 · updated last year)
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus… (☆42 · Sep 21, 2023 · updated 2 years ago)
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables. (☆117 · Jan 26, 2022 · updated 4 years ago)
- Forensic Artifact Collection Tool for macOS (☆118 · Jul 28, 2025 · updated 7 months ago)
- The long shadow to emerge as other Git repositories (☆18 · Jul 8, 2024 · updated last year)
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images (☆89 · Aug 29, 2023 · updated 2 years ago)
- macOS forensic timeline generator using the analysis result DBs of mac_apt (☆93 · Sep 7, 2023 · updated 2 years ago)
- Incident Response - Fast suspicious file finder (☆249 · Jan 24, 2026 · updated last month)
- Enumerate AWS cloud resources based on provided credential (☆51 · May 11, 2022 · updated 3 years ago)
- Powershell module for VMWare vSphere forensics (☆167 · Nov 8, 2024 · updated last year)
- Blueteam operational triage registry hunting/forensic tool. (☆149 · Sep 2, 2025 · updated 5 months ago)
- JPCERT/CC public YARA rules repository (☆109 · Nov 14, 2025 · updated 3 months ago)
- Hundred Days of Yara Challenge (☆12 · Jun 21, 2022 · updated 3 years ago)
- (no description) (☆11 · Aug 3, 2018 · updated 7 years ago)
- Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event… (☆77 · Jul 13, 2021 · updated 4 years ago)
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files. (☆158 · Nov 30, 2021 · updated 4 years ago)
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework. (☆97 · May 28, 2023 · updated 2 years ago)
- Continuous kerberoast monitor (☆45 · Aug 24, 2023 · updated 2 years ago)
- Transform Linux Audit logs for SIEM usage (☆815 · updated this week)
- An implementation of infrastructure-as-code scanning using dynamic tooling. (☆56 · Jan 18, 2022 · updated 4 years ago)