Alternatives and similar repositories for aftermath

Users that are interested in aftermath are comparing it to the libraries listed below

• jamf / jamfprotect
  A repository for open-source resources created for use with or alongside Jamf Protect.
  ☆201Updated 3 weeks ago
• northpolesec / santa
  A binary and file access authorization system for macOS.
  ☆282Updated this week
• CrowdStrike / automactc
  AutoMacTC: Automated Mac Forensic Triage Collector
  ☆541Updated 3 years ago
• infosecB / LOOBins
  Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma…
  ☆462Updated 6 months ago
• thomasareed / pict
  Post-Infection Collection Toolkit
  ☆95Updated 2 years ago
• chainguard-dev / osquery-defense-kit
  Production-ready detection & response queries for osquery
  ☆573Updated this week
• mandiant / macos-UnifiedLogs
  ☆244Updated 2 months ago
• CrowdStrike / falconpy
  The CrowdStrike Falcon SDK for Python
  ☆410Updated this week
• macadmins / osquery-extension
  An osquery extension for endpoint engineers
  ☆107Updated 3 months ago
• themittenmac / TrueTree
  A command line tool for pstree-like output on macOS with additional pid capturing capabilities
  ☆256Updated 9 months ago
• ReversecLabs / Jamf-Attack-Toolkit
  Suite of tools to facilitate attacks against the Jamf macOS management platform.
  ☆185Updated 4 years ago
• mvdbent / CIS-macOS-Security
  ☆71Updated 3 years ago
• joshua-d-miller / macOSLAPS
  Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
  ☆410Updated 3 months ago
• mvdbent / CIS-Script
  ☆100Updated 2 years ago
• CrowdStrike / Falcon-Toolkit
  Unleash the power of the Falcon Platform at the CLI
  ☆119Updated this week
• okta / customer-detections
  ☆120Updated 2 weeks ago
• jamf / CIS-for-macOS-Catalina-CP
  CIS Benchmarks for macOS Catalina
  ☆122Updated 8 months ago
• elastic / dorothy
  Dorothy is a tool to test security monitoring and detection for Okta environments
  ☆182Updated 9 months ago
• sublime-security / sublime-rules
  Sublime rules for email attack detection, prevention, and threat hunting.
  ☆309Updated this week
• airbnb / rudolph
  A serverless sync server for Santa, built on AWS
  ☆94Updated 6 months ago
• SentineLabs / XProtect-Malware-Families
  Mapping XProtect's obfuscated malware family names to common industry names.
  ☆86Updated last year
• hkystar35 / MDM
  MDM Related code, docs, scripts, snippets, thoughts, and musings.
  ☆121Updated 3 weeks ago
• thinkst / canary-utils
  Collection of useful Canary tools
  ☆79Updated 2 weeks ago
• cedowens / SwiftBelt
  A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens
  ☆328Updated 3 years ago
• elastic / SWAT
  Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK…
  ☆165Updated 7 months ago
• macadmins / sofa
  SOFA | A MacAdmin's Simple Organized Feed for Apple Software Updates
  ☆246Updated this week
• CrowdStrike / falcon-scripts
  Scripts to streamline the deployment and use of the CrowdStrike Falcon sensor
  ☆171Updated 3 weeks ago
• GossiTheDog / ThreatHunting
  Tools for hunting for threats.
  ☆582Updated last month
• kandji-inc / support
  Software provided by the Solutions Engineering and Support teams at Kandji, Inc.
  ☆192Updated 2 weeks ago
• CrowdStrike / psfalcon
  PowerShell for CrowdStrike's OAuth2 APIs
  ☆413Updated this week