Repository navigation

#

dfir-automation

clong / DetectionLab 

Automate the creation of a lab environment complete with security tooling and logging best practices

VagrantvagrantfilepackerCybersecuritylab-environmentdfirTerraformAnsiblePowerShelldetectionosquerysysmondfir-automation
HTML
4833
1 年前
securityjoes / MasterParser 

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

dfirdfir-automationCybersecuritysoccyber-securityPowerShellreporting工具自动化incident-responsecyber安全
PowerShell
742
2 个月前
iknowjason / PurpleCloud 

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

Azurepentestpurpleteamsiemdfirdfir-automation
Python
596
6 个月前
cado-security / varc 

Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

Amazon Web Servicesaws-fargateaws-lambdacloud-securitydfirdfir-automationforensicsmemory-forensicsaws-forensicsdocker-forensics安全Hacktoberfest
Python
255
1 年前
Correia-jpv / fucking-awesome-incident-response 

A curated list of tools for incident response. With repository stars⭐ and forks🍴

Awesome Listsdfirdfir-automationdigital-forensicsdigitalforensicsincidentincident-managementincident-reportsincident-responseincident-response-toolingincidentslist安全
251
20 小时前
jurelou / epagneul 

Graph Visualization for windows event logs

安全forensicsforensics-toolsthreat-huntinghuntingevtxblueteamdfir-automation
Python
242
9 个月前
iknowjason / BlueCloud 

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

edr-testingpentestingblue-teamdfir-automationdfirpurpleteam
HTML
137
3 年前
cado-security / rip_raw 

Rip Raw is a small tool to analyse the memory of compromised Linux systems.

安全memory-forensicsforensicsdfirforensic-analysisdfir-automation
Python
132
4 年前
hashlookup / hashlookup-forensic-analyser 

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

dfirdfir-automationforensic-analysisforensics-investigationshashlookupbloom-filter
Python
126
2 年前
adulau / hashlookup-server 

Fast lookup server for NSRL and other hash database used in digital forensic

hashlookupCybersecuritydfirdfir-automation
Python
45
3 年前
op7ic / unix_collector 

unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

UnixblueteamforensicsfreebsdLinuxOpenBSDposixScriptcomputer-forensicsdfirdfir-automationsolarisincident-responseforensics-tools安全
Shell
37
4 个月前
Digital-Defense-Institute / openrelik-pipeline 

Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing

dfirdfir-automationhayabusaincident-responseCybersecuritysecops安全security-automation
Python
34
5 个月前
QXJ6YW4 / SimpleImager 

Simple Imager has been created for performing live acquisition of Windows based systems in a forensically sound manner

dfirdfir-automationforensicsforensics-toolsblueteamdigital-forensicsdigital-forensics-incident-response
Batchfile
32
3 年前
ionsec / maes-platform 

MAES: M365 Analyzer & Extractor Suite Po

dfir-automationsecurity-assessment
JavaScript
29
9 天前
iknowjason / Velociraptor_Azure 

A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.

dfirdfir-automationpurpleteam
HCL
21
4 年前
brootware / flarevm-up 

Easy automated vagrant provisioning of Windows 10 with flarevm tools installed for Digital Forensics and Malware Analysis Lab.

VagrantOracle-VM-VirtualBoxdigital-forensicsforensics-toolsblueteamingctf-toolsctfdfir-automationmalware-analysis逆向工程Windows
HCL
20
3 年前
light-hat / turinabolum 

🦾 Digital Forensics on Steroids

cybersecurity-toolsdfir-automationdigital-forensicsforensics安全ctfthreat-intelligencedfirforensiccyber-securityincident-responsethreat-huntingtimeline
Python
20
1 天前
RealityNet / McAFuse 

Toolset to analyze disks encrypted with McAFee FDE technology

dfirdfir-automationincident-responsefuse-filesystem逆向工程mcafee
Python
19
5 年前
idiom / activemime-format 

ActiveMime File Format Documentation

dfirdfir-automationmalware-analysis
Python
18
4 年前
jupyterj0nes / sabonis 

Sabonis, a Digital Forensics and Incident Response pivoting tool

dfirdfir-automationincident-responsedigital-forensicsblue-team
Python
17
4 年前