DFIR 🔍
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques, to measure your SIEM coverage or develop new use cases.
$MFT directory tree reconstruction & FILE record info
Cobalt Strike Beacon configuration extractor and parser.
Scan files or process memory for CobaltStrike beacons and parse their configuration
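The two entries above both concern locating a Cobalt Strike Beacon configuration and decoding it. As an added example (not code from either project), the block below shows the core of that technique: the configuration is a run of big-endian TLV records XOR-encoded with a single byte (0x69 for Beacon v3, 0x2e for v4), and because the first record is always index 1 (BeaconType), type 1 (short), length 2, the encoded bytes `00 01 00 01 00 02 ^ key` form a stable six-byte signature to scan for. The setting-index names and type codes are the commonly documented ones; the sample blob, hostname and watermark are constructed here for illustration.

```python
import re
import struct

# Added example, not the scanner's or the extractor's own code.
# Beacon config = XOR-encoded sequence of TLV records:
#   index (2 bytes BE) | type (2 bytes BE) | length (2 bytes BE) | value
# type 1 = short, type 2 = int, type 3 = data/string; index 0 terminates.
XOR_KEYS = (0x2E, 0x69)                      # v4 key, v3 key
HEADER = bytes([0x00, 0x01, 0x00, 0x01, 0x00, 0x02])  # first record, plaintext

# Subset of well-known setting indices; unknown ones are kept as SettingN.
SETTING_NAMES = {
    1: "BeaconType", 2: "Port", 3: "SleepTime", 4: "MaxGetSize",
    5: "Jitter", 7: "PublicKey", 8: "C2Server", 9: "UserAgent",
    10: "HttpPostUri", 37: "Watermark",
}
STRING_SETTINGS = {8, 9, 10}                 # NUL-padded fixed-size fields
BEACON_TYPES = {0: "HTTP", 1: "Hybrid HTTP DNS", 2: "SMB", 4: "TCP",
                8: "HTTPS", 16: "Bind TCP"}


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def find_configs(blob: bytes):
    """Yield (offset, key) for every encoded config header found in blob."""
    for key in XOR_KEYS:
        sig = xor_bytes(HEADER, key)
        for m in re.finditer(re.escape(sig), blob):
            yield m.start(), key


def parse_config(blob: bytes, offset: int, key: int, max_len: int = 4096) -> dict:
    """Decode TLV records starting at offset; stops at the index-0 terminator."""
    data = xor_bytes(blob[offset:offset + max_len], key)
    settings, pos = {}, 0
    while pos + 6 <= len(data):
        idx, typ, length = struct.unpack(">HHH", data[pos:pos + 6])
        pos += 6
        if idx == 0:
            break
        raw = data[pos:pos + length]
        if len(raw) < length:
            raise ValueError("truncated record at offset %d" % (offset + pos))
        pos += length
        if typ == 1 and length == 2:
            value = struct.unpack(">H", raw)[0]
        elif typ == 2 and length == 4:
            value = struct.unpack(">I", raw)[0]
        elif idx in STRING_SETTINGS:
            value = raw.rstrip(b"\x00")      # strip the NUL padding
        else:
            value = raw                      # binary blob (e.g. PublicKey)
        settings[SETTING_NAMES.get(idx, "Setting%d" % idx)] = value
    if "BeaconType" in settings:
        settings["BeaconType"] = BEACON_TYPES.get(settings["BeaconType"], settings["BeaconType"])
    return settings


def scan(blob: bytes) -> list:
    """Scan a file image or memory dump and return every decoded config."""
    return [dict(offset=off, key=key, **parse_config(blob, off, key))
            for off, key in find_configs(blob)]


# --- constructed sample (not a real beacon) so the block runs offline ---
def build_record(idx: int, typ: int, value) -> bytes:
    raw = struct.pack(">H", value) if typ == 1 else struct.pack(">I", value) if typ == 2 else value
    return struct.pack(">HHH", idx, typ, len(raw)) + raw


def build_sample_blob(key: int = 0x2E) -> bytes:
    config = (build_record(1, 1, 8)                       # BeaconType = HTTPS
              + build_record(2, 1, 443)                   # Port
              + build_record(3, 2, 60000)                 # SleepTime (ms)
              + build_record(5, 1, 20)                    # Jitter
              + build_record(8, 3, b"c2.example.test,/jquery-3.3.1.min.js".ljust(256, b"\x00"))
              + build_record(37, 2, 1234)                 # Watermark (made up)
              + b"\x00" * 6)                              # terminator
    return b"A" * 100 + xor_bytes(config, key) + b"B" * 50  # config embedded mid-file


if __name__ == "__main__":
    for cfg in scan(build_sample_blob()):
        print(cfg)
```

The XOR signature works because Beacon configs always start with the same record; scanning for the six encoded bytes under both keys is exactly why the scanners can work on raw memory without knowing where the PE is. Note that a real dump may contain several hits (stager, reflective copy, heap fragments), so the scanner returns all of them rather than the first.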
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
GOAL: Incident Response Playbooks Mapped to MITRE ATT&CK Tactics and Techniques. [Contributor-friendly]
Digital forensic acquisition tool for Windows-based incident response.
The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
Investigate malicious Windows logons by visualizing and analyzing Windows event logs.
Distributed malware processing framework based on Python, Redis and S3.
Web app that provides basic navigation and annotation of ATT&CK matrices
A privacy and security engineering toolkit: Discover, understand, pseudonymize, anonymize, encrypt and securely share sensitive and personal data: Privacy and security as code.
A concise, directive, specific, flexible, and free incident response plan template
YARA signature and IOC database for my scanners and tools
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover su…
UNIX-like reverse engineering framework and command-line toolset.
A Go client library for accessing DFIRTrack's API using the OpenAPI standard.
⭐️ A curated list of awesome forensic analysis tools and resources
The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Malware Configuration And Payload Extraction
Builds malware analysis Windows VMs so that you don't have to.