PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.

Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indicator matches.

An easy-to-use, cross-platform utility for capturing and diffing file system metadata snapshots.

PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.

Authentication Mapper - helping blue-teams analyze authentication activity in Active Directory networks.

VTC - Velociraptor Timeline Creator

Helping Incident Responders hunt for potential persistence mechanisms on UNIX-based systems.

Update and use YARA rules from across the Internet against targeted files or directories.

Rapid Acqusition of Interesting Data

Graph Visualizer for Windows Event Logs

Example React app utilizing MaterialUI with Flask JWT-authed API backend.

Asynchronous Remote Evidence Retrieval for rapid network-wide threat hunting

Documenting Suspicious Command Lines

SharpShares..but in Python!

Windows Artifact Retrieval and Discovery

Threat Simulator for Enterprise Networks

Hunting for Abnormalities

Remote retrieval, filtering and analysis of Security.evtx logs for user activity analysis.

Tool for scanning an Outlook Inbox in order to discover Indicators of Compromise - intelligence dissemination/bulletins, *-ISAC Threads, etc,

Recursive file-hasher and string-matcher

Basic XSS, SQLi and LFI Vulnerability Scanner

Use TCP or UDP to check connection availability for remote hosts