List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Educational, CTF-styled labs for individuals interested in Memory Forensics

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Everything related to Linux Forensics

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

Docker configurations for TheHive, Cortex and 3rd party tools

Harness the power of Splunk for your investigations

Blazescan is a linux webserver malware scanning and incident response tool, with built in support for cPanel servers, but will run on any linux based server.

Bash script to Check for malicious Cryptomining

unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

A script to assist in processing forensic RAM captures for malware triage

The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.

The scrip will help you to find some values info for the user that you need as DFIR

MISP decaying models

🏴‍☠️ BST is an ever-evolving collection of 🛠 tools to help in security and administration tasks 😉

Resources for DFIR. And more.

Elastic cluster for DFIR

Break-In Analyzer - A script that analyze auth.log, secure, utmp/wtmp for possible SSH break-in attempts

Extract SHA1 from Reference Data Set (RDS) provided by the National Software Reference Library (NSRL) for X-Ways Forensics (or any other tool that uses SHA1).

Incident Forensic Response In Terminal script for linux