Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
fucking-awesome-incident-response
A curated list of tools for incident response. With repository starsâ and forksđ´
https://github.com/Correia-jpv/fucking-awesome-incident-response
Last synced: 4 days ago
JSON representation
-
IR Tools Collection
-
All-In-One Tools
- CimSweep - Suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.
- CIRTkit - CIRTKit is not just a collection of tools, but also a framework to aid in the ongoing unification of Incident Response and Forensics investigation processes.
- Flare - A fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing.
- Dissect - Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
- Doorman - osquery fleet manager that allows remote management of osquery configurations retrieved by nodes. It takes advantage of osquery's TLS configuration, logger, and distributed read/write endpoints, to give administrators visibility across a fleet of devices with minimal overhead and intrusiveness.
- Falcon Orchestrator - Extendable Windows-based application that provides workflow automation, case management and security response functionality.
- Fleetdm - State of the art host monitoring platform tailored for security experts. Leveraging Facebook's battle-tested osquery project, Fleetdm delivers continuous updates, features and fast answers to big questions.
- GRR Rapid Response - Incident response framework focused on remote live forensics. It consists of a python agent (client) that is installed on target systems, and a python server infrastructure that can manage and talk to the agent. Besides the included Python API client, <b><code> 56â</code></b> <b><code> 7đ´</code></b> [PowerGRR](https://github.com/swisscom/PowerGRR)) provides an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
- IRIS - IRIS is a web collaborative platform for incident response analysts allowing to share investigations at a technical level.
- Kuiper - Digital Forensics Investigation Platform
- Matano
- MozDef - Automates the security incident handling process and facilitate the real-time activities of incident handlers.
- MutableSecurity - CLI program for automating the setup, configuration, and use of cybersecurity solutions.
- nightHawk - Application built for asynchronous forensic data presentation using ElasticSearch as the backend. It's designed to ingest Redline collections.
- SOC Multi-tool - A powerful and user-friendly browser extension that streamlines investigations for security professionals.
- Velociraptor - Endpoint visibility and collection tool
-
Adversary Emulation
- APTSimulator - Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised.
- Atomic Red Team (ART) - Small and highly portable detection tests mapped to the MITRE ATT&CK Framework.
- AutoTTP - Automated Tactics Techniques & Procedures. Re-running complex sequences manually for regression tests, product evaluations, generate data for researchers.
- Caldera - Automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CKâ˘) project.
- DumpsterFire - Modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations.
- Metta - Information security preparedness tool to do adversarial simulation.
- Network Flight Simulator - Lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility.
- Red Team Automation (RTA) - RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
- RedHunt-OS - Virtual machine for adversary emulation and threat hunting.
-
Memory Analysis Tools
- Rekall - Open source tool (and library) for the extraction of digital artifacts from volatile memory (RAM) samples.
-
Playbooks
- Counteractive Playbooks - Counteractive PLaybooks collection.
-
Process Dump Tools
- PMDump - Tool that lets you dump the memory contents of a process to a file without stopping the process.
-
-
Source
-
Windows Evidence Collection
-
Programming Languages
Categories
Sub Categories
Keywords
security
7
cybersecurity
5
python
5
incident-response
4
dfir
4
digital-forensics
3
infosec
2
siem
2
threat-hunting
2
security-automation
2
red-team
2
incident-response-tooling
2
hacking
2
security-tools
2
endpoint-security
2
mitre-attack
2
mitre
2
networking
1
network
1
redis
1
celery
1
simulation
1
uber
1
vagrant
1
virtualbox
1
yaml
1
intrusion-detection
1
monitoring
1
testing-tools
1
dissect
1
device-management
1
employee-experience
1
empire
1
powershell
1
procedure
1
tactics
1
adversary-emulation
1
caldera
1
mitre-corporation
1
security-testing
1
automation
1
blue-team
1
blue-teams
1
hacking-tool
1
hacking-tools
1
pentest
1
pentest-tool
1
pentest-tools
1
pentesting
1
red-teams
1