Repository navigation

#

dfir-automation

clong / DetectionLab 

Automate the creation of a lab environment complete with security tooling and logging best practices

VagrantvagrantfilepackerCybersecuritylab-environmentdfirTerraformAnsiblePowerShelldetectionosquerysysmondfir-automation
HTML
4732
9 个月前
securityjoes / MasterParser 

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

dfirdfir-automationCybersecuritysoccyber-securityPowerShellreporting工具自动化incident-responsecyber安全
PowerShell
725
14 天前
iknowjason / PurpleCloud 

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

Azurepentestpurpleteamsiemdfirdfir-automation
Python
564
1 个月前
cado-security / varc 

Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

Amazon Web Servicesaws-fargateaws-lambdacloud-securitydfirdfir-automationforensicsmemory-forensicsaws-forensicsdocker-forensics安全Hacktoberfest
Python
253
5 个月前
jurelou / epagneul 

Graph Visualization for windows event logs

安全forensicsforensics-toolsthreat-huntinghuntingevtxblueteamdfir-automation
Python
236
3 个月前
Correia-jpv / fucking-awesome-incident-response 

A curated list of tools for incident response. With repository stars⭐ and forks🍴

Awesome Listsdfirdfir-automationdigital-forensicsdigitalforensicsincidentincident-managementincident-reportsincident-responseincident-response-toolingincidentslist安全
224
6 天前
iknowjason / BlueCloud 

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

edr-testingpentestingblue-teamdfir-automationdfirpurpleteam
HTML
133
2 年前
cado-security / rip_raw 

Rip Raw is a small tool to analyse the memory of compromised Linux systems.

安全memory-forensicsforensicsdfirforensic-analysisdfir-automation
Python
130
3 年前
hashlookup / hashlookup-forensic-analyser 

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

dfirdfir-automationforensic-analysisforensics-investigationshashlookupbloom-filter
Python
126
2 年前
adulau / hashlookup-server 

Fast lookup server for NSRL and other hash database used in digital forensic

hashlookupCybersecuritydfirdfir-automation
Python
43
3 年前
op7ic / unix_collector 

unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

UnixblueteamforensicsfreebsdLinuxOpenBSDposixScriptcomputer-forensicsdfirdfir-automationsolarisincident-responseforensics-tools安全
Shell
35
4 个月前
QXJ6YW4 / SimpleImager 

Simple Imager has been created for performing live acquisition of Windows based systems in a forensically sound manner

dfirdfir-automationforensicsforensics-toolsblueteamdigital-forensicsdigital-forensics-incident-response
Batchfile
32
3 年前
iknowjason / Velociraptor_Azure 

A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.

dfirdfir-automationpurpleteam
HCL
20
4 年前
idiom / activemime-format 

ActiveMime File Format Documentation

dfirdfir-automationmalware-analysis
Python
17
4 年前
RealityNet / McAFuse 

Toolset to analyze disks encrypted with McAFee FDE technology

dfirdfir-automationincident-responsefuse-filesystem逆向工程mcafee
Python
17
4 年前
brootware / flarevm-up 

Easy automated vagrant provisioning of Windows 10 with flarevm tools installed for Digital Forensics and Malware Analysis Lab.

VagrantOracle-VM-VirtualBoxdigital-forensicsforensics-toolsblueteamingctf-toolsctfdfir-automationmalware-analysis逆向工程Windows
HCL
16
3 年前
jupyterj0nes / sabonis 

Sabonis, a Digital Forensics and Incident Response pivoting tool

dfirdfir-automationincident-responsedigital-forensicsblue-team
Python
16
3 年前
BenjiTrapp / boxed-kali 

Kali in a Box - Containerized and fully operational within your Browser

dfir-automationDockerkali-linuxnovncpenetration-testing
Shell
12
8 个月前
wv8672 / AWS-Linux-Mem-Dump 

A Python, Boto3 script that leverages a forensic volume to attach & mount to a selected instance, run a memory dump, unmount and detach from the selected instance and finally attach & mount to a Forensic Workstation

dfir-automationLinuxAmazon Web Servicesebs-volumeslime
Python
12
5 年前
CIRCL / factual-rules 

Factual rules are YARA rules to find legitimate software on raw disk acquisition.

dfirdfir-automationyara-rulesyara-signatures
YARA
11
3 年前