Incident Response

#malware-samples#honeypots#analysis-framework

Malware Analysis

A curated list of awesome malware analysis tools, resources, and related information for security professionals.

Stars13.7k

Forks2.7k

#digital-forensics#sandbox-analysis#malware-samples

Awesome Malware Analysis

A curated list of awesome malware analysis tools, resources, and related information for security professionals.

Stars13.7k

Forks2.7k

#honeypot#awesome-list#malware-analysis

awesome-honeypotsPython

A curated list of free and open-source honeypot resources, tools, and related components for cybersecurity research.

Stars10.2k

Forks1.3k

Awesome Threat Intelligence

A curated list of awesome open-source threat intelligence resources, including feeds, tools, platforms, and standards.

#cyber-threats#hacktoberfest#security-feeds

Stars10.1k

Forks1.7k

Awesome Incident Response

A curated list of tools and resources for digital forensics and incident response (DFIR) teams.

#digital-forensics#incident-response-tooling#awesome-list

Stars9.0k

Forks1.7k

#digital-forensics#security-automation#incident-response-tooling

Incident Response

A curated list of tools and resources for digital forensics and incident response (DFIR) teams.

Stars9.0k

Forks1.7k

#vulnerability-assessment#infection-monkey#malware-simulation

Infection MonkeyPython

An open-source adversary emulation platform that simulates malware attacks to test and improve network security defenses.

Stars7.0k

Forks817

Last commit11 months ago

CalderaPython

An automated cyber security platform for adversary emulation, red teaming, and incident response built on the MITRE ATT&CK framework.

#mitre#caldera#security-automation

Stars6.9k

Forks1.3k

#event-driven#deployment#stackstorm

StackStorm (.4k)Python

Event-driven automation platform for DevOps and SREs, enabling auto-remediation, incident response, and workflow orchestration across tools.

Stars6.4k

Forks781

Last commit2 months ago

MISPPHP

An open-source platform for collecting, storing, sharing, and acting upon cybersecurity threat intelligence and indicators.

#threat-sharing#security#fraud-management

Stars6.2k

Forks1.6k

#netsec#sysinternals#windows-security

sysmon-config

A high-quality, commented Sysmon configuration template for Windows system monitoring and incident investigation.

Stars5.5k

Forks1.8k

#open-source#honeypots#security-automation

Cybersecurity Blue Team

A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

Stars5.3k

Forks787

#digital-forensics#remote-forensics#enterprise-security

grrPython

An incident response framework for remote live forensics with Python client-server architecture.

Stars5.1k

Forks797

Last commit8 days ago

Awesome Forensics

A curated list of awesome free forensic analysis tools, resources, and learning materials for digital investigators.

#digital-forensics#open-source#ctf-challenges

Stars5.0k

Forks733

Last commit12 days ago

Forensics

A curated list of awesome free (mostly open source) forensic analysis tools and resources for digital investigations.

#digital-forensics#open-source#ctf-challenges

Stars5.0k

Forks733

Last commit12 days ago

Yara rulesYARA

A comprehensive collection of Yara rules for malware detection, vulnerability identification, and security analysis.

#digital-forensics#yara-rules#signature-based-detection

Stars4.8k

Forks1.1k

Last commit2 years ago

Awesome Threat Detection and Hunting

A curated list of awesome open-source tools, detection rules, datasets, and resources for threat detection and hunting.

#sigma-rules#awesome-list#security

Stars4.6k

Forks734

#digital-forensics#yara-rules#yara-scanner

Awesome YARA

A curated list of awesome YARA rules, tools, and resources for malware researchers and security professionals.

Stars4.2k

Forks550

Last commit1 month ago

Volatility 3Python

A memory forensics framework for extracting digital artifacts from volatile memory (RAM) samples across Windows, Linux, and macOS.

#digital-forensics#ram-analysis#memory

Stars4.1k

Forks648

Last commit18 days ago

VelociraptorGo

An endpoint visibility and collection tool using the Velociraptor Query Language (VQL) for host-based state information gathering.

#digital-forensics#vql#forensics-investigations

A simple IOC and YARA scanner for detecting malware and security threats via file names, hashes, YARA rules, and C2 connections.

#signature#hash#yara-rules

Stars3.7k

Forks622

#digital-forensics#sigma-rules#forensic-timeline

ChainsawRust

A fast, standalone tool for rapid threat hunting and forensic analysis of Windows event logs and other forensic artefacts.

Stars3.5k

Forks296

Last commit23 days ago

TimesketchPython

An open-source tool for collaborative forensic timeline analysis, enabling teams to organize, annotate, and investigate timelines together.

#digital-forensics#timeline#open-source

Stars3.3k

Forks651

#python-3#security-investigation#windows-event-log

LogonTracerPython

A security tool that visualizes and analyzes Windows Active Directory event logs to investigate malicious logon activity.

Stars3.2k

Forks486

#digital-forensics#python-tool#macos-forensics

OSXAuditorJavaScript

A free Mac OS X computer forensics tool that parses system artifacts, extracts user data, and verifies file reputation.

Stars3.1k

Forks274

Last commit5 years ago

Security Onion

A Linux distribution for threat hunting, enterprise security monitoring, and log management.

#enterprise-security#siem#ids

Stars3.1k

Forks521

Last commit5 years ago

HayabusaRust

A Sigma-based threat hunting and fast forensics timeline generator for Windows event logs, written in Rust.

#digital-forensics#threat#sigma-rules

An open-source forensic toolkit for analyzing disk images and file systems to identify and recover digital evidence.

#fat-analysis#digital-forensics#command-line-tools

Stars3.0k

Forks687

Last commit4 days ago

sysmon-modularPowerShell

A modular repository of Sysmon configuration modules for customizable endpoint detection and logging.

#modular#windows-security#endpoint-detection

Stars3.0k

Forks644

#apt-simulation#red-team-tool#detection-validation

APTSimulatorBatchfile

A Windows Batch script toolset that simulates Advanced Persistent Threat (APT) attack indicators to test security monitoring and detection capabilities.

Stars2.7k

Forks453

Last commit

FireEye's Red Team Tool CountermeasuresYARA

Snort and YARA rules to detect attacks using FireEye's red team tools, released after their 2020 breach disclosure.

#yara-rules#clamav#security-detection

Stars2.7k

Forks838

Last commit

Elastic Detection RulesPython

A public repository for developing, testing, and maintaining detection rules for Elastic Security's SIEM, with tools for Detections as Code.

#siem#security-automation#security

Stars2.6k

Forks645

Last commit1 day ago

Windows Events Attack SamplesHTML

A collection of 200 Windows EVTX event log samples mapped to MITRE ATT&CK techniques for detection testing and threat hunting.

#digital-forensics#security-training#windows-security

A Windows security tool for real-time adversary tradecraft detection, memory scanning, and forensics via behavior-driven rules.

#rule-engine#windows-security#adversary

Stars2.4k

Forks205