# Incident Response

# Active Directory

  • LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log.

# Data Loss Prevention (DLP)

  • LOTS Project - Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. This project provides domains to monitor.

# Management Platform

  • DFIRTrack - The Incident Response Tracking Application.
  • FIR - Fast Incident Response allows for easy creation, tracking, and reporting of cybersecurity incidents.
  • The Hive - A Scalable, Open Source and Free Security Incident Response Platform.
  • Wazuh - Capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.

# Reporting

  • Cortex - Powerful Observable Analysis and Active Response Engine.
  • ETWMonitor - Windows notifier tool that detects suspicious connections by monitoring ETW event logs.
  • Log-MD - Tool to assist Information Security and IT Professionals discover the artifacts needed to understand if a Windows system has a malware infection.
  • Response - Real-time incident response and reporting tool.
  • Velociraptor - A tool for collecting host based state information using Velocidex Query Language (VQL) queries.

# Indicators of Compromise

# Frameworks

  • IoCextract - Defanged Indicator of Compromise (IOC) Extractor.

# Lists

# Scanners

  • Fenrir - Simple Bash IOC Scanner.
  • IoC Radar - The IOC Radar service provides you with IoCs about threat actors, malware and attackers.
  • Loki - Simple IOC and YARA scanner.
  • PersistenceSniper - PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistence mechanisms implanted in Windows machines.
  • Redline - FireEye's free endpoint security tool, provides host investigative capabilities.
  • Thor Lite - Free IOC and YARA Scanner.

# YARA

  • yarGen - yarGen is a generator for YARA rules.