jamf / aftermath

Related projects ⓘ

Alternatives and complementary repositories for aftermath

• jamf / jamfprotect
  A repository for open-source resources created for use with or alongside Jamf Protect.
  ☆188Updated last week
• infosecB / LOOBins
  Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma…
  ☆438Updated 2 months ago
• mandiant / macos-UnifiedLogs
  ☆211Updated last month
• CrowdStrike / automactc
  AutoMacTC: Automated Mac Forensic Triage Collector
  ☆529Updated 2 years ago
• macadmins / osquery-extension
  An osquery extension for endpoint engineers
  ☆99Updated last month
• WithSecureLabs / Jamf-Attack-Toolkit
  Suite of tools to facilitate attacks against the Jamf macOS management platform.
  ☆175Updated 3 years ago
• northpolesec / santa
  A binary authorization and monitoring system for macOS
  ☆64Updated this week
• thomasareed / pict
  Post-Infection Collection Toolkit
  ☆93Updated last year
• mvdbent / CIS-macOS-Security
  ☆67Updated 3 years ago
• CrowdStrike / falconpy
  The CrowdStrike Falcon SDK for Python
  ☆368Updated last week
• chainguard-dev / osquery-defense-kit
  Production-ready detection & response queries for osquery
  ☆523Updated this week
• mvdbent / CIS-Script
  ☆101Updated 2 years ago
• joshua-d-miller / macOSLAPS
  Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
  ☆385Updated 5 months ago
• cisagov / ScubaGoggles
  SCuBA Secure Configuration Baselines and assessment tool for Google Workspace
  ☆156Updated this week
• sametsazak / mergen
  Mergen is an open-source, native macOS application for auditing and checking the security of your MacOS.
  ☆157Updated last year
• SentineLabs / XProtect-Malware-Families
  Mapping XProtect's obfuscated malware family names to common industry names.
  ☆82Updated 6 months ago
• SentineLabs / macos-ttps-yara
  A ruleset to find potentially malicious code in macOS malware samples
  ☆39Updated last year
• jamf / CIS-for-macOS-Catalina-CP
  CIS Benchmarks for macOS Catalina
  ☆122Updated last month
• trailofbits / osquery-extensions
  osquery extensions by Trail of Bits
  ☆262Updated last year
• stuartjash / aftermath
  Aftermath is a free macOS incident response framework
  ☆28Updated 8 months ago
• themittenmac / TrueTree
  A command line tool for pstree-like output on macOS with additional pid capturing capabilities
  ☆245Updated 2 months ago
• CrowdStrike / zscaler-FalconX-integration
  This is the integration to feed Falcon X IOC data into zscaler's platform
  ☆14Updated 4 months ago
• macadmins / sofa
  SOFA | A MacAdmin's Simple Organized Feed for Apple Software Updates
  ☆162Updated this week
• 0x4D31 / detection-and-response-pipeline
  ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The …
  ☆255Updated 9 months ago
• airbnb / rudolph
  A serverless sync server for Santa, built on AWS
  ☆83Updated 7 months ago
• hazcod / security-slacker
  Pokes users about outstanding security risks found by Crowdstrike Spotlight or vmware Workspace ONE so they secure their own endpoint.
  ☆28Updated this week
• mikermcneil / fleet-osquery-in-a-box
  Simple Docker-based quickstart for osquery, Fleet, and ELK stack
  ☆60Updated last year
• macadmins / escrow-buddy
  A macOS authorization plugin that helps MDM administrators ensure valid FileVault keys are escrowed for all their Macs.
  ☆204Updated 2 months ago
• invictus-ir / ALFA
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆144Updated this week
• palantir / jamf-pro-scripts
  A collection of scripts and extension attributes created for managing Mac workstations via Jamf Pro.
  ☆307Updated 5 months ago