Ecosyste.ms: Awesome
fucking-awesome-incident-response
A curated list of tools for incident response, with repository star and fork counts.
https://github.com/Correia-jpv/fucking-awesome-incident-response
Last synced: 6 days ago
IR Tools Collection
Adversary Emulation
- APTSimulator - Windows batch script that uses a set of tools and output files to make a system look as if it had been compromised.
- Atomic Red Team (ART) - Small and highly portable detection tests mapped to the MITRE ATT&CK Framework.
- AutoTTP - Automated Tactics, Techniques & Procedures. Automates re-running complex attack sequences so that they can be used for regression tests, product evaluations and generating data for researchers, instead of being replayed by hand.
- Caldera - Automated adversary emulation system that performs post-compromise adversarial behavior within Windows enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project.
- DumpsterFire - Modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations.
- Metta - Information security preparedness tool to do adversarial simulation.
- Network Flight Simulator - Lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility.
- Red Team Automation (RTA) - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
- RedHunt-OS - Virtual machine for adversary emulation and threat hunting.
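The detection-test pattern that Atomic Red Team and RTA describe above (a small, benign emulation mapped to an ATT&CK technique ID, executed, then checked against what the detection layer sees on the resulting telemetry) in a minimal regression harness. This is an added example, not code from any of the listed projects: the three tests only invoke the Python interpreter, the technique IDs are real ATT&CK identifiers used illustratively, and the rules and the process-event shape are constructed rather than any EDR's actual schema.

```python
import re
import subprocess
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class AtomicTest:
    """One emulation step mapped to an ATT&CK technique ID."""
    technique: str
    name: str
    argv: tuple


@dataclass(frozen=True)
class Rule:
    """Detection rule: regex over the process command line, tagged with the technique it covers."""
    name: str
    technique: str
    pattern: str


# Constructed tests: each only runs the interpreter with a harmless one-liner.
TESTS = [
    AtomicTest("T1059.006", "python inline exec",
               (sys.executable, "-c", "print('atomic')")),
    AtomicTest("T1082", "system info discovery",
               (sys.executable, "-c", "import platform; print(platform.platform())")),
    AtomicTest("T1033", "user discovery",
               (sys.executable, "-c", "import os; print(os.environ.get('USER', ''))")),
]

# Constructed rules; nothing is mapped to T1033, so the report should show that gap.
RULES = [
    Rule("python_inline_exec", "T1059.006", r"\s-c\s"),
    Rule("platform_enum", "T1082", r"platform\.platform\(\)"),
]


def run_test(test):
    """Execute the test and return a process-creation event shaped like EDR telemetry."""
    proc = subprocess.run(test.argv, capture_output=True, text=True, timeout=30)
    return {
        "technique": test.technique,
        "test": test.name,
        "cmdline": " ".join(test.argv),
        "exit_code": proc.returncode,
        "stdout": proc.stdout.strip(),
    }


def match_rules(event, rules=RULES):
    """Names of rules tagged with the event's technique whose pattern fires on its command line."""
    return [r.name for r in rules
            if r.technique == event["technique"] and re.search(r.pattern, event["cmdline"])]


def coverage(tests=TESTS, rules=RULES):
    """Technique -> names of rules that fired on its emulation; an empty list is a detection gap."""
    report = {}
    for test in tests:
        event = run_test(test)
        if event["exit_code"] != 0:
            raise RuntimeError(f"emulation {test.name!r} failed: {event}")
        report[test.technique] = match_rules(event, rules)
    return report


def gaps(report):
    """Techniques that were emulated but no rule detected."""
    return sorted(t for t, hits in report.items() if not hits)


if __name__ == "__main__":
    rep = coverage()
    for technique, hits in rep.items():
        print(technique, ("detected by " + ", ".join(hits)) if hits else "NOT DETECTED")
    print("gaps:", gaps(rep))
```

Run it and the report flags T1033 as uncovered, which is the whole point of the pattern: the emulation is the fixture, the detection content is what is under test, and a technique without a firing rule is a regression to fix before the next run.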
All-In-One Tools
- Dissect - Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
- Doorman - osquery fleet manager that allows remote management of osquery configurations retrieved by nodes. It takes advantage of osquery's TLS configuration, logger, and distributed read/write endpoints, to give administrators visibility across a fleet of devices with minimal overhead and intrusiveness.
- Falcon Orchestrator - Extendable Windows-based application that provides workflow automation, case management and security response functionality.
- Fleetdm - State of the art host monitoring platform tailored for security experts. Leveraging Facebook's battle-tested osquery project, Fleetdm delivers continuous updates, features and fast answers to big questions.
- GRR Rapid Response - Incident response framework focused on remote live forensics. It consists of a Python agent (client) that is installed on target systems, and a Python server infrastructure that can manage and talk to the agent. Besides the included Python API client, PowerGRR (https://github.com/swisscom/PowerGRR) provides an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
- IRIS - Web-based collaborative platform for incident response analysts that lets them share investigations at a technical level.
- Kuiper - Digital forensics investigation platform.
- Matano
- MozDef - Automates the security incident handling process and facilitates the real-time activities of incident handlers.
- MutableSecurity - CLI program for automating the setup, configuration, and use of cybersecurity solutions.
- nightHawk - Application built for asynchronous forensic data presentation using ElasticSearch as the backend. It's designed to ingest Redline collections.
- SOC Multi-tool - A powerful and user-friendly browser extension that streamlines investigations for security professionals.
- Velociraptor - Endpoint visibility and collection tool.
Memory Analysis Tools
- Rekall - Open source tool (and library) for the extraction of digital artifacts from volatile memory (RAM) samples.
Playbooks
- Counteractive Playbooks - Collection of Counteractive's incident response playbooks.
Process Dump Tools
- PMDump - Tool that lets you dump the memory contents of a process to a file without stopping the process.
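What a process-dump tool such as PMDump produces, and what a memory-analysis tool such as Rekall then works from: a snapshot of a live process's mapped memory taken without stopping it. This is an added example, not PMDump's or Rekall's code. It uses the Linux procfs interface (/proc/<pid>/maps for the layout, /proc/<pid>/mem for the bytes) rather than the Windows API PMDump relies on, defaults to the current process so it needs no ptrace rights, and the marker string it plants and then finds is constructed.

```python
import re

MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$")
CHUNK = 1 << 20  # read regions in 1 MiB pieces so a large mapping is not one allocation

# Constructed marker: planting it in this process gives the scan something to find.
MARKER = b"IR-MEMDUMP-MARKER-0xC0FFEE"


def readable_regions(pid="self"):
    """Parse /proc/<pid>/maps into (start, end, perms, path) for readable mappings."""
    regions = []
    with open(f"/proc/{pid}/maps") as maps:
        for line in maps:
            m = MAPS_LINE.match(line.rstrip("\n"))
            if not m:
                continue
            start, end = int(m.group(1), 16), int(m.group(2), 16)
            perms, path = m.group(3), m.group(4)
            # [vvar] and [vsyscall] are kernel-provided and not readable through /proc/<pid>/mem
            if perms[0] == "r" and path not in ("[vvar]", "[vsyscall]"):
                regions.append((start, end, perms, path))
    return regions


def scan_process(pid="self", needle=b"", dump_to=None):
    """Read every readable region of a running process without stopping it.

    Optionally writes the raw bytes to dump_to. Returns
    {"regions": [(start, end, file_offset, path), ...], "hits": [addr, ...]}
    where hits are absolute addresses at which needle occurs; the regions
    list is the index that maps dump-file offsets back to virtual addresses.
    """
    regions, hits, file_offset = [], [], 0
    out = open(dump_to, "wb") if dump_to else None
    try:
        with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
            for start, end, _perms, path in readable_regions(pid):
                region_offset, pos, tail = file_offset, start, b""
                while pos < end:
                    try:
                        mem.seek(pos)
                        chunk = mem.read(min(CHUNK, end - pos))
                    except (OSError, OverflowError):
                        break  # mapping went away or cannot be read via procfs
                    if not chunk:
                        break
                    if out:
                        out.write(chunk)
                        file_offset += len(chunk)
                    if needle:
                        # keep len(needle)-1 trailing bytes so a match across chunks is not missed
                        buf = tail + chunk
                        base = pos - len(tail)
                        i = buf.find(needle)
                        while i != -1:
                            hits.append(base + i)
                            i = buf.find(needle, i + 1)
                        tail = buf[-(len(needle) - 1):] if len(needle) > 1 else b""
                    pos += len(chunk)
                regions.append((start, end, region_offset, path))
    finally:
        if out:
            out.close()
    return {"regions": regions, "hits": hits}


def read_at(pid, addr, size):
    """Re-read size bytes at addr from the live process; b"" if no longer readable."""
    try:
        with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
            mem.seek(addr)
            return mem.read(size)
    except (OSError, OverflowError):
        return b""


def find_marker(pid="self", needle=MARKER):
    """Addresses where needle is present right now, confirmed by a second read."""
    hits = scan_process(pid, needle)["hits"]
    return [a for a in hits if read_at(pid, a, len(needle)) == needle]


if __name__ == "__main__":
    result = scan_process("self", MARKER, dump_to="self.dmp")
    print(len(result["regions"]), "regions dumped;", len(result["hits"]), "marker hits")
    print("confirmed:", [hex(a) for a in find_marker()])
```

Two caveats a practitioner should keep in mind: the maps snapshot and the reads are not atomic, so a region can disappear or change between them (the loop tolerates that, and a forensic dump should record the maps listing alongside the bytes for that reason), and scanning another process's memory this way requires ptrace access to it, which Yama's ptrace_scope and container seccomp policies commonly deny to non-root users.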
Source
Windows Evidence Collection
Keywords (tag, count): security (7), cybersecurity (5), python (5), incident-response (4), dfir (4), digital-forensics (3), infosec (2), siem (2), threat-hunting (2), security-automation (2), red-team (2), incident-response-tooling (2), hacking (2), security-tools (2), endpoint-security (2), mitre-attack (2), mitre (2), networking (1), network (1), redis (1), celery (1), simulation (1), uber (1), vagrant (1), virtualbox (1), yaml (1), intrusion-detection (1), monitoring (1), testing-tools (1), dissect (1), device-management (1), employee-experience (1), empire (1), powershell (1), procedure (1), tactics (1), adversary-emulation (1), caldera (1), mitre-corporation (1), security-testing (1), automation (1), blue-team (1), blue-teams (1), hacking-tool (1), hacking-tools (1), pentest (1), pentest-tool (1), pentest-tools (1), pentesting (1), red-teams (1).