List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

A curated list of tools for incident response

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Automate the creation of a lab environment complete with security tooling and logging best practices

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Loki - Simple IOC and Incident Response Scanner

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Collaborative forensic timeline analysis

A curated list of awesome forensic analysis tools and resources

VirusTotal Wanna Be - Now with 100% more Hipster

Signature base for my scanner tools

Malcom - Malware Communications Analyzer

A repository of sysmon configuration modules

Your Everyday Threat Intelligence

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Cortex: a Powerful Observable Analysis and Active Response Engine

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

Educational, CTF-styled labs for individuals interested in Memory Forensics

Web browser forensics for Google Chrome/Chromium

Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing

A list of cyber-chef recipes and curated links

Automation and Scaling of Digital Forensics Tools

Extract and aggregate threat intelligence.

Lookyloo is a web interface allowing to scrape a website and then displays a tree of domains calling each other.

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.