jamf / aftermath
Aftermath is a free macOS IR framework
☆502Updated 4 months ago
Alternatives and similar repositories for aftermath:
Users that are interested in aftermath are comparing it to the libraries listed below
- A repository for open-source resources created for use with or alongside Jamf Protect.☆198Updated last month
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma…☆461Updated 4 months ago
- AutoMacTC: Automated Mac Forensic Triage Collector☆538Updated 3 years ago
- Production-ready detection & response queries for osquery☆561Updated last month
- An osquery extension for endpoint engineers☆106Updated 2 months ago
- ☆239Updated 3 weeks ago
- Post-Infection Collection Toolkit☆95Updated 2 years ago
- A binary and file access authorization system for macOS.☆202Updated this week
- Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows☆406Updated last month
- ☆70Updated 3 years ago
- ☆100Updated 2 years ago
- Suite of tools to facilitate attacks against the Jamf macOS management platform.☆182Updated 4 years ago
- The CrowdStrike Falcon SDK for Python☆401Updated this week
- CIS Benchmarks for macOS Catalina☆122Updated 7 months ago
- Unleash the power of the Falcon Platform at the CLI☆117Updated 2 weeks ago
- Dorothy is a tool to test security monitoring and detection for Okta environments☆181Updated 8 months ago
- A serverless sync server for Santa, built on AWS☆93Updated 5 months ago
- LotL RMM☆170Updated 3 weeks ago
- MDM Related code, docs, scripts, snippets, thoughts, and musings.☆117Updated 3 weeks ago
- Sublime rules for email attack detection, prevention, and threat hunting.☆298Updated this week
- A command line tool for pstree-like output on macOS with additional pid capturing capabilities☆252Updated 7 months ago
- This is the integration to feed Falcon X IOC data into zscaler's platform☆16Updated 9 months ago
- Cyber Incident Response Team Playbook Battle Cards☆373Updated 11 months ago
- Scripts to streamline the deployment and use of the CrowdStrike Falcon sensor☆168Updated last week
- Aftermath is a free macOS incident response framework☆32Updated last week
- Collection of example YARA-L rules for use within Google Security Operations☆378Updated 2 weeks ago
- osquery extensions by Trail of Bits☆264Updated 2 years ago
- SCuBA Secure Configuration Baselines and assessment tool for Google Workspace☆215Updated this week
- A ruleset to find potentially malicious code in macOS malware samples☆39Updated last year
- SOFA | A MacAdmin's Simple Organized Feed for Apple Software Updates☆233Updated this week