Quick script to build host or investigation timelines using Carbon Black Response
☆12Sep 25, 2018Updated 7 years ago
Alternatives and similar repositories for cbr-timeliner
Users that are interested in cbr-timeliner are comparing it to the libraries listed below
Sorting:
- ☆39Jun 28, 2019Updated 6 years ago
- CLI Search for Security Operators of MITRE ATT&CK URLs☆17Jan 5, 2023Updated 3 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- Collection of useful, up to date, Carbon Black Response Queries☆85Oct 23, 2020Updated 5 years ago
- VMDK Forensic Artifact Extractor (VFAE) is windows based tool written in C++ that extracts files with a known location from VMDK images r…☆17Aug 7, 2015Updated 10 years ago
- Registry timestamp manipulation☆18Feb 26, 2014Updated 12 years ago
- Command line interface to Carbon Black Response☆38May 12, 2020Updated 5 years ago
- It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving☆42Apr 23, 2020Updated 5 years ago
- ☆18Sep 13, 2021Updated 4 years ago
- VMware Snapshot Forensic Comparison Scripts☆25Mar 19, 2013Updated 12 years ago
- A script to create and assign SOP tasks into the cases☆20Aug 16, 2020Updated 5 years ago
- Mitre Att&ck Technique Emulation☆82Mar 6, 2019Updated 7 years ago
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.☆22Apr 16, 2021Updated 4 years ago
- Forensic Analysis Tool for Btrfs File System.☆20Aug 6, 2018Updated 7 years ago
- Tool for analysts to perform simultaneous lookups (IP, Domain, URL, MD5) against multiple data sources☆28Jan 27, 2017Updated 9 years ago
- Carbon Black Response IR tool☆55Dec 10, 2020Updated 5 years ago
- Carbon Black API - Python language bindings☆145Aug 22, 2024Updated last year
- A command line utility to aid in using autofocus for IR and research☆27Oct 22, 2019Updated 6 years ago
- ☆11Feb 9, 2023Updated 3 years ago
- A WDAC configuration repository with the sole intention of enriching MDE☆30Jun 18, 2025Updated 8 months ago
- This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam☆27Jul 4, 2024Updated last year
- ☆115Jan 31, 2024Updated 2 years ago
- Merge all Yara rules from official Yara github repository in one .yar file☆31Jun 22, 2018Updated 7 years ago
- integrating bro into yara☆33Dec 9, 2014Updated 11 years ago
- ☆82Jul 5, 2016Updated 9 years ago
- Subscribe to raw VMware Carbon Black EDR event feed and forward to another system, such as Splunk.☆73Feb 20, 2026Updated 2 weeks ago
- ETHICAL-HACKING☆12Dec 20, 2023Updated 2 years ago
- A simple intrusion detection system that detects anomalous IP payloads, vertical and horizontal port scanning attacks in the selected net…☆10Apr 16, 2018Updated 7 years ago
- 🌌 Real-time threat detection for smart contracts☆10May 16, 2023Updated 2 years ago
- Evidence Fetcher (efetch) is a web-based file explorer, viewer, and analyzer.☆39Apr 11, 2020Updated 5 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…☆343Jun 25, 2022Updated 3 years ago
- parser for Google search strings☆40Sep 14, 2019Updated 6 years ago
- ☆43Jul 6, 2022Updated 3 years ago
- Alternative password shadowing scheme☆10Feb 22, 2026Updated 2 weeks ago
- Perform file-based malware scan on your on-prem servers with AWS☆14Oct 31, 2023Updated 2 years ago
- Indicators of compromise relating to our report on APT10's targeting of global MSPs☆10Sep 26, 2017Updated 8 years ago
- The Sentinel.blog Repository provides automation tools for updating Analytics Rules, Content Hub Solutions, and Workbooks, eliminating re…☆17Updated this week
- Tools for parsing Forensic images☆41Dec 14, 2018Updated 7 years ago
- Contains research.splunk.com site code☆11Apr 10, 2024Updated last year