Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

fucking-awesome-incident-response

A curated list of tools for incident response. With repository stars⭐ and forks🍴
https://github.com/Correia-jpv/fucking-awesome-incident-response

Last synced: 6 days ago
JSON representation

  • IR Tools Collection

    • Adversary Emulation

      • APTSimulator - Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised.
      • Atomic Red Team (ART) - Small and highly portable detection tests mapped to the MITRE ATT&CK Framework.
      • AutoTTP - Automated Tactics Techniques & Procedures. Re-running complex sequences manually for regression tests, product evaluations, generate data for researchers.
      • Caldera - Automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project.
      • DumpsterFire - Modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations.
      • Metta - Information security preparedness tool to do adversarial simulation.
      • Network Flight Simulator - Lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility.
      • Red Team Automation (RTA) - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
      • RedHunt-OS - Virtual machine for adversary emulation and threat hunting.
    • All-In-One Tools

      • Dissect - Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
      • Doorman - osquery fleet manager that allows remote management of osquery configurations retrieved by nodes. It takes advantage of osquery's TLS configuration, logger, and distributed read/write endpoints, to give administrators visibility across a fleet of devices with minimal overhead and intrusiveness.
      • Falcon Orchestrator - Extendable Windows-based application that provides workflow automation, case management and security response functionality.
      • Fleetdm - State of the art host monitoring platform tailored for security experts. Leveraging Facebook's battle-tested osquery project, Fleetdm delivers continuous updates, features and fast answers to big questions.
      • GRR Rapid Response - Incident response framework focused on remote live forensics. It consists of a python agent (client) that is installed on target systems, and a python server infrastructure that can manage and talk to the agent. Besides the included Python API client, <b><code>&nbsp;&nbsp;&nbsp;&nbsp;56⭐</code></b> <b><code>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;7🍴</code></b> [PowerGRR](https://github.com/swisscom/PowerGRR)) provides an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
      • IRIS - IRIS is a web collaborative platform for incident response analysts allowing to share investigations at a technical level.
      • Kuiper - Digital Forensics Investigation Platform
      • Matano
      • MozDef - Automates the security incident handling process and facilitate the real-time activities of incident handlers.
      • MutableSecurity - CLI program for automating the setup, configuration, and use of cybersecurity solutions.
      • nightHawk - Application built for asynchronous forensic data presentation using ElasticSearch as the backend. It's designed to ingest Redline collections.
      • SOC Multi-tool - A powerful and user-friendly browser extension that streamlines investigations for security professionals.
      • Velociraptor - Endpoint visibility and collection tool
    • Memory Analysis Tools

      • Rekall - Open source tool (and library) for the extraction of digital artifacts from volatile memory (RAM) samples.
    • Playbooks

    • Process Dump Tools

      • PMDump - Tool that lets you dump the memory contents of a process to a file without stopping the process.
  • Source