BLUE
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Th…
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w…
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-audi…
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective…
honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway
IntelOwl: manage your Threat Intelligence at scale
💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
The next-generation Anti-Rootkit (ARK) tool for Windows.
An incredibly fast proxy checker & IP rotator with ease.
PowerShell Digital Forensics & Incident Response Scripts.
A list of useful tools for Malware Analysis (will be updated regularly)
Open Cyber Threat Intelligence Platform
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Detect and respond to Cobalt Strike beacons using ETW.
Hunt for C2 servers and phishing web sites using the VirusTotal API; you can modify the code to kill the malicious process.