# Incident Response
## Active Directory
- LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log.
## Data Loss Prevention (DLP)
- LOTS Project - Attackers use popular legitimate domains for phishing, C&C, exfiltration and tool downloads because traffic to them blends in with normal activity. This project maintains a list of such domains to monitor.
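Turning a watch list of abused legitimate domains into a detection is mostly suffix matching plus a little context. The following is an added example, not code from the LOTS project or from this list: it runs a constructed proxy log against a constructed subset of such domains (the real list is the project's) and flags hits, annotating POST/PUT requests above a byte threshold as possible exfiltration. The log format, the threshold and the watch-list entries are assumptions for the example.

```python
import re

# Watch list of legitimate domains attackers commonly abuse. Constructed
# subset for this example; the LOTS project maintains the real list.
LOTS_WATCHLIST = {
    "raw.githubusercontent.com",
    "pastebin.com",
    "discord.com",
    "cdn.discordapp.com",
    "transfer.sh",
    "drive.google.com",
}

# Constructed proxy log: timestamp, source IP, method, destination host,
# destination port, bytes sent by the client. Not a real product's format.
SAMPLE_PROXY_LOG = """\
2024-05-02T10:14:03Z 10.0.0.15 GET  intranet.example.local 443 512
2024-05-02T10:14:09Z 10.0.0.15 GET  raw.githubusercontent.com 443 20480
2024-05-02T10:15:41Z 10.0.0.22 POST files.pastebin.com 443 2400000
2024-05-02T10:16:02Z 10.0.0.22 POST updates.example-vendor.com 443 3100000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<host>\S+)\s+(?P<port>\d+)\s+(?P<bytes_out>\d+)$"
)


def matches_watchlist(host, watchlist):
    """Return the watch-listed domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")  # normalise case and a trailing FQDN dot
    labels = host.split(".")
    # Walk from the full host up to its parent domains: a.b.c -> b.c -> c
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def flag_lots_traffic(log_text, watchlist=LOTS_WATCHLIST, upload_threshold=1_000_000):
    """Return (host, matched_domain, reasons) for each log line that hits the watch list."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort mid-triage
        matched = matches_watchlist(m["host"], watchlist)
        if matched is None:
            continue
        reasons = ["lots-domain"]
        # Large client-to-server transfers to a listed domain deserve a closer look.
        if m["method"] in ("POST", "PUT") and int(m["bytes_out"]) >= upload_threshold:
            reasons.append("large-upload")
        findings.append((m["host"], matched, reasons))
    return findings


if __name__ == "__main__":
    for host, matched, reasons in flag_lots_traffic(SAMPLE_PROXY_LOG):
        print(f"{host:32} matched {matched:28} {', '.join(reasons)}")
```

Suffix matching is deliberate: a host like `files.pastebin.com` must hit the `pastebin.com` entry, while `notpastebin.com` must not, which is why the code walks label boundaries instead of calling `endswith`.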
## Management Platform
- DFIRTrack - The Incident Response Tracking Application.
- FIR - Fast Incident Response allows for easy creation, tracking, and reporting of cybersecurity incidents.
- The Hive - A Scalable, Open Source and Free Security Incident Response Platform.
- Wazuh - Open source security platform (SIEM/XDR) that protects workloads across on-premises, virtualized, containerized, and cloud-based environments.
## Reporting
- Cortex - Powerful Observable Analysis and Active Response Engine.
- ETWMonitor - Windows notifier tool that detects suspicious connections by monitoring ETW event logs.
- Log-MD - Tool that helps information security and IT professionals discover the artifacts needed to determine whether a Windows system has a malware infection.
- Response - Real-time incident response and reporting tool.
- Velociraptor - A tool for collecting host based state information using Velocidex Query Language (VQL) queries.
# Indicators of Compromise
## Frameworks
- IoCextract - Defanged Indicator of Compromise (IOC) Extractor.
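Threat reports "defang" indicators (`hxxp://`, `[.]`, `[@]`) so they cannot be clicked by accident; an extractor has to undo that before matching. The block below is an added example and is not IoCextract's code: it refangs a constructed analyst note and pulls out URLs, IPv4 addresses, domains, e-mail addresses and hashes with plain regular expressions. The defanging variants handled and the trimmed TLD allow-list are assumptions made for the example; a production extractor covers far more of both.

```python
import re

# Common defanging conventions seen in threat reports. Constructed list for
# this example; real extractors handle many more variants.
_REFANG_RULES = [
    (re.compile(r"hxxp", re.IGNORECASE), "http"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\)", re.IGNORECASE), "."),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[@\]|\[at\]|\(at\)", re.IGNORECASE), "@"),
    (re.compile(r"\[://\]"), "://"),
]

# Trimmed TLD allow-list (assumption) so "invoice.exe" or "gate.php" are not read as domains.
_TLDS = r"(?:com|net|org|io|info|biz|ru|cn|xyz|top|co|uk|de)"

_PATTERNS = {
    "urls": re.compile(r"\bhttps?://[^\s\"'<>)]+", re.IGNORECASE),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domains": re.compile(
        r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+" + _TLDS + r"\b", re.IGNORECASE
    ),
    "emails": re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
    # Lookarounds stop a 32- or 40-hex run inside a longer hash from matching.
    "sha256": re.compile(r"(?<![a-f0-9])[a-f0-9]{64}(?![a-f0-9])", re.IGNORECASE),
    "sha1": re.compile(r"(?<![a-f0-9])[a-f0-9]{40}(?![a-f0-9])", re.IGNORECASE),
    "md5": re.compile(r"(?<![a-f0-9])[a-f0-9]{32}(?![a-f0-9])", re.IGNORECASE),
}

# Constructed analyst note; the hash is SHA-256 of the empty string, not a real sample.
SAMPLE_REPORT = """\
Constructed analyst note, not a real report.
The dropper beacons to hxxp://evil-update[.]example[.]com/gate.php and to 198[.]51[.]100[.]23,
and was delivered by attacker[@]mail[.]example[.]net as invoice.exe.
Dropper SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""


def refang(text):
    """Undo common defanging so the indicators can be matched and pivoted on."""
    for pattern, replacement in _REFANG_RULES:
        text = pattern.sub(replacement, text)
    return text


def _valid_ipv4(addr):
    return all(0 <= int(octet) <= 255 for octet in addr.split("."))


def extract_iocs(text):
    """Return a dict of indicator type -> set of normalised indicators."""
    clean = refang(text)
    found = {name: set(pat.findall(clean)) for name, pat in _PATTERNS.items()}
    found["ipv4"] = {ip for ip in found["ipv4"] if _valid_ipv4(ip)}
    found["domains"] = {d.lower() for d in found["domains"]}
    found["emails"] = {e.lower() for e in found["emails"]}
    for kind in ("sha256", "sha1", "md5"):
        found[kind] = {h.lower() for h in found[kind]}
    return found


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        if values:
            print(f"{kind:8} {sorted(values)}")
```

The order of the refang rules matters: `hxxp` is fixed before the bracket rules so that a URL such as `hxxp://a[.]b` becomes a single well-formed `http://a.b` that the URL pattern can then pick up whole.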
## Lists
- Log4Shell - IOC list for the Log4Shell (Log4j, CVE-2021-44228) vulnerability.
## Scanners
- Fenrir - Simple Bash IOC Scanner.
- IoC Radar - The IOC Radar service provides you with IoCs about threat actors, malware and attackers.
- Loki - Simple IOC and YARA scanner.
- PersistenceSniper - PowerShell module that Blue Teams, incident responders and system administrators can use to hunt for persistence mechanisms implanted on Windows machines.
- Redline - FireEye's free endpoint security tool, provides host investigative capabilities.
- Thor Lite - Free IOC and YARA Scanner.
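The "simple IOC scanner" pattern shared by Fenrir, Loki and Thor Lite comes down to three checks per file: hash against a hash list, file name against name patterns, and content against byte strings (what a YARA rule would express). The block below is an added example written for this page; it is not the code of any scanner listed here. It builds a temporary directory of constructed sample files and scans it. The IOC entries (a fake dropper payload, an `svchost` look-alike name, a hard-coded C2 hostname) are constructed, and the plain byte-string check stands in for YARA.

```python
import hashlib
import os
import re
import tempfile

# Constructed IOC set for this example, not a real threat feed.
MALICIOUS_SAMPLE = b"MZ\x90\x00fake-dropper-sample"
HASH_IOCS = {hashlib.sha256(MALICIOUS_SAMPLE).hexdigest(): "dropper-sample"}
FILENAME_IOCS = [
    (re.compile(r"^svchost.*\.exe$", re.IGNORECASE), "svchost lookalike outside System32"),
]
# Byte-string stand-in for a YARA rule.
CONTENT_IOCS = [(b"evil-update.example.com", "hard-coded C2 hostname")]


def sha256_file(path, chunk=1 << 16):
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_file(path):
    """Return the list of IOC reasons that fire on a single file (empty if clean)."""
    reasons = []
    digest = sha256_file(path)
    if digest in HASH_IOCS:
        reasons.append(f"hash:{HASH_IOCS[digest]}")
    name = os.path.basename(path)
    for pattern, label in FILENAME_IOCS:
        if pattern.search(name):
            reasons.append(f"name:{label}")
    with open(path, "rb") as fh:  # size is capped by the caller
        data = fh.read()
    for needle, label in CONTENT_IOCS:
        if needle in data:
            reasons.append(f"content:{label}")
    return reasons


def scan_directory(root, max_size=50 * 1024 * 1024):
    """Walk root and return [(path, reasons)] for every file that hit an IOC."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                if os.path.getsize(path) > max_size:
                    continue  # skip huge files rather than read them whole
                reasons = scan_file(path)
            except OSError:
                continue  # unreadable or vanished file: keep scanning
            if reasons:
                hits.append((path, reasons))
    return hits


def summarize(hits):
    """Map base file name -> reasons, for reporting and assertions."""
    return {os.path.basename(path): reasons for path, reasons in hits}


def build_sample_dir():
    """Create a temporary directory of constructed files for the scan."""
    root = tempfile.mkdtemp(prefix="ioc-scan-")
    samples = {
        "report.txt": b"quarterly numbers, nothing to see",
        "dropper.dat": MALICIOUS_SAMPLE,
        "svchost_update.exe": b"not really a PE",
        "notes.bin": b"cfg: c2=evil-update.example.com port=443",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for name, reasons in summarize(scan_directory(build_sample_dir())).items():
        print(f"{name:22} {'; '.join(reasons)}")
```

Real scanners add what this leaves out: a signed or pinned IOC feed, an exclusion list so the scanner's own files do not trip the content check, and YARA proper instead of substring search.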
## YARA
- yarGen - Generator for YARA rules that extracts strings from malware samples and drops those also found in goodware.