Alternatives and similar repositories for aftermath:

Users that are interested in aftermath are comparing it to the libraries listed below

• jamf / jamfprotect
  A repository for open-source resources created for use with or alongside Jamf Protect.
  ☆195Updated 3 weeks ago
• infosecB / LOOBins
  Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma…
  ☆456Updated 3 months ago
• mandiant / macos-UnifiedLogs
  ☆236Updated last month
• northpolesec / santa
  A binary authorization and monitoring system for macOS
  ☆175Updated last week
• CrowdStrike / automactc
  AutoMacTC: Automated Mac Forensic Triage Collector
  ☆535Updated 3 years ago
• chainguard-dev / osquery-defense-kit
  Production-ready detection & response queries for osquery
  ☆558Updated last week
• macadmins / osquery-extension
  An osquery extension for endpoint engineers
  ☆105Updated last month
• mvdbent / CIS-macOS-Security
  ☆69Updated 3 years ago
• WithSecureLabs / Jamf-Attack-Toolkit
  Suite of tools to facilitate attacks against the Jamf macOS management platform.
  ☆181Updated 4 years ago
• CrowdStrike / zscaler-FalconX-integration
  This is the integration to feed Falcon X IOC data into zscaler's platform
  ☆14Updated 9 months ago
• thomasareed / pict
  Post-Infection Collection Toolkit
  ☆95Updated 2 years ago
• jamf / CIS-for-macOS-Catalina-CP
  CIS Benchmarks for macOS Catalina
  ☆123Updated 6 months ago
• mvdbent / CIS-Script
  ☆100Updated 2 years ago
• elastic / dorothy
  Dorothy is a tool to test security monitoring and detection for Okta environments
  ☆179Updated 7 months ago
• joshua-d-miller / macOSLAPS
  Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
  ☆404Updated last month
• CrowdStrike / falconpy
  The CrowdStrike Falcon SDK for Python
  ☆396Updated this week
• CrowdStrike / Falcon-Toolkit
  Unleash the power of the Falcon Platform at the CLI
  ☆116Updated last month
• themittenmac / TrueTree
  A command line tool for pstree-like output on macOS with additional pid capturing capabilities
  ☆251Updated 7 months ago
• trailofbits / osquery-extensions
  osquery extensions by Trail of Bits
  ☆263Updated last year
• airbnb / rudolph
  A serverless sync server for Santa, built on AWS
  ☆93Updated 4 months ago
• magicsword-io / LOLRMM
  LotL RMM
  ☆152Updated last week
• thinkst / canary-utils
  Collection of useful Canary tools
  ☆77Updated last week
• macadmins / sofa
  SOFA | A MacAdmin's Simple Organized Feed for Apple Software Updates
  ☆227Updated this week
• sublime-security / sublime-rules
  Sublime rules for email attack detection, prevention, and threat hunting.
  ☆283Updated this week
• SentineLabs / XProtect-Malware-Families
  Mapping XProtect's obfuscated malware family names to common industry names.
  ☆84Updated 11 months ago
• randomaccess3 / Awesome-BEC
  Repository of attack and defensive information for Business Email Compromise investigations
  ☆249Updated 2 months ago
• SentineLabs / macos-ttps-yara
  A ruleset to find potentially malicious code in macOS malware samples
  ☆39Updated last year
• stuartjash / aftermath
  Aftermath is a free macOS incident response framework
  ☆31Updated 3 months ago
• macadmins / escrow-buddy
  A macOS authorization plugin that helps MDM administrators ensure valid FileVault keys are escrowed for all their Macs.
  ☆231Updated 7 months ago
• PhorionTech / Kronos
  Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism…
  ☆72Updated last year