jamf / aftermath
Aftermath is a free macOS IR framework
☆474Updated 5 months ago
Related projects ⓘ
Alternatives and complementary repositories for aftermath
- A repository for open-source resources created for use with or alongside Jamf Protect.☆188Updated last week
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma…☆438Updated 2 months ago
- ☆211Updated last month
- AutoMacTC: Automated Mac Forensic Triage Collector☆529Updated 2 years ago
- An osquery extension for endpoint engineers☆99Updated last month
- Suite of tools to facilitate attacks against the Jamf macOS management platform.☆175Updated 3 years ago
- A binary authorization and monitoring system for macOS☆64Updated this week
- Post-Infection Collection Toolkit☆93Updated last year
- ☆67Updated 3 years ago
- The CrowdStrike Falcon SDK for Python☆368Updated last week
- Production-ready detection & response queries for osquery☆523Updated this week
- ☆101Updated 2 years ago
- Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows☆385Updated 5 months ago
- SCuBA Secure Configuration Baselines and assessment tool for Google Workspace☆156Updated this week
- Mergen is an open-source, native macOS application for auditing and checking the security of your MacOS.☆157Updated last year
- Mapping XProtect's obfuscated malware family names to common industry names.☆82Updated 6 months ago
- A ruleset to find potentially malicious code in macOS malware samples☆39Updated last year
- CIS Benchmarks for macOS Catalina☆122Updated last month
- osquery extensions by Trail of Bits☆262Updated last year
- Aftermath is a free macOS incident response framework☆28Updated 8 months ago
- A command line tool for pstree-like output on macOS with additional pid capturing capabilities☆245Updated 2 months ago
- This is the integration to feed Falcon X IOC data into zscaler's platform☆14Updated 4 months ago
- SOFA | A MacAdmin's Simple Organized Feed for Apple Software Updates☆162Updated this week
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The …☆255Updated 9 months ago
- A serverless sync server for Santa, built on AWS☆83Updated 7 months ago
- Pokes users about outstanding security risks found by Crowdstrike Spotlight or vmware Workspace ONE so they secure their own endpoint.☆28Updated this week
- Simple Docker-based quickstart for osquery, Fleet, and ELK stack☆60Updated last year
- A macOS authorization plugin that helps MDM administrators ensure valid FileVault keys are escrowed for all their Macs.☆204Updated 2 months ago
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆144Updated this week
- A collection of scripts and extension attributes created for managing Mac workstations via Jamf Pro.☆307Updated 5 months ago