A collection of publicly shared Indicators of Compromise (IOCs) from FireEye for threat intelligence and security research.
A powerful, easily deployable network traffic analysis tool suite for PCAP files, Zeek logs, and Suricata alerts.
A lightweight investigation notebook for security analysts to document and track threat intelligence.
A collection of prescriptive recipes for preparing and applying countermeasures against cyber threats and attacks.
A browser extension that streamlines security investigations by providing quick lookups for IPs, domains, hashes, and other indicators.
A modified fork of Cuckoo Sandbox with enhanced malware analysis capabilities, improved stability, and additional features.
A web interface for the Volatility memory forensics framework that runs plugins, stores results in MongoDB, and enables cross-plugin search.
A Python RESTful API framework for querying multiple online malware analysis and threat intelligence services.
A framework for orchestrating forensic collection, processing, and data export through modular recipes.
A forensic artifact parsing tool that quickly analyzes disk images and extracted artifacts from Windows, Linux, macOS, and Android devices.
An open-source blue team tool that protects Linux and Windows operating systems through multiple security methods.
A Windows GUI tool that reconstructs directory trees and analyzes FILE records from NTFS Master File Table ($MFT) files.
A collection of independent Python scripts for monitoring Linux system security and investigating potential compromises.
A customizable single-binary agent for collecting forensic artifacts from Windows, macOS, and Linux systems.
A PowerShell module for live incident response that enumerates Windows autorun artifacts to detect persistence mechanisms used by malware and legitimate programs.
A modular, recursive file scanning framework that extends Yara signatures to extract and analyze file objects for malware analysis and intelligence.
A curated reference hub of tools and real-world examples for designing effective threat detection and response pipelines.
A curated list of tools and resources for understanding, detecting, and removing malware persistence techniques across operating systems.
A PowerShell module for remote endpoint threat hunting, scanning for indicators of compromise and collecting system state information.
A distributed web interface for collaborative memory forensics analysis using Volatility 3.
An automated memory analysis tool for malware samples and memory dumps that extracts executables, processes, injections, and artifacts.
A multiplatform Linux sandbox for malware traffic analysis and IOC capture using QEMU emulation.
A web-based interface for the Volatility memory forensics framework, enabling browser-based analysis of RAM dumps.
A Splunk-based platform for deploying honeypots and analyzing attacker sessions with intelligence dashboards and threat feeds.
A lightweight incident response tool for rapid suspicious file discovery during threat hunting and forensic triage.
An incident response management system and knowledge base for coordinating a response team's work and capturing what the team learns.
Automated deployment of a Cuckoo Sandbox malware analysis lab with Windows 10 detonation using Packer and Vagrant.
A Linux memory acquisition tool that creates ELF core dumps compatible with gdb, crash, and drgn for incident response.
A Kubernetes operator that creates checkpoint snapshots of running pods for offline forensic analysis after security incidents.
A deprecated threat intelligence platform for collecting, processing, and sharing security indicators.
An open-source SIEM system built with Python Django for log management, risk assessment, and asset tracking.
An open-source memory forensics tool built on Volatility for differential analysis and data reduction in malware investigations.
A Windows artifact collection and parsing tool for targeted digital forensics and incident response investigations.
An advanced Apache logfile security analyzer for post-attack forensics, detecting web application attacks using multiple detection techniques.
A Python tool for advanced analysis of Windows AppCompat/AmCache forensic artifacts, enabling threat hunting beyond basic grep techniques.
Recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
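The carving technique behind that last entry, shown as an added worked example rather than code from any project in this catalog: scan arbitrary bytes for the `ElfChnk\0` chunk signature, then accept a hit only if both CRC32s in the chunk header verify, which is what separates a real 64 KiB EVTX chunk from a stray signature in slack space. The layout constants (64 KiB chunks, free-space offset at 48, record-data CRC at 52, header CRC at 124 over bytes 0-119 and 128-511, record magic `2a 2a 00 00` with the size repeated at the record's tail) are the documented EVTX format; the sample "unallocated space", the record IDs, timestamps and payload bytes are all constructed here, and the BinXML payload is a placeholder that is not decoded.

```python
import struct
import zlib

CHUNK_MAGIC = b"ElfChnk\x00"        # EVTX chunk header signature
RECORD_MAGIC = b"\x2a\x2a\x00\x00"   # event record signature (0x00002a2a, little-endian)
CHUNK_SIZE = 0x10000                # every EVTX chunk is exactly 64 KiB


def chunk_checksums_ok(chunk: bytes) -> bool:
    """A signature hit is only a real chunk if both header CRC32s verify."""
    if len(chunk) != CHUNK_SIZE or chunk[:8] != CHUNK_MAGIC:
        return False
    free_space_off, data_crc = struct.unpack_from("<II", chunk, 48)
    header_crc = struct.unpack_from("<I", chunk, 124)[0]
    if not 512 <= free_space_off <= CHUNK_SIZE:
        return False
    # header CRC covers bytes 0-119 and 128-511, skipping the flags/CRC words at 120-127
    if zlib.crc32(chunk[:120] + chunk[128:512]) != header_crc:
        return False
    # data CRC covers the event records from offset 512 up to the free-space offset
    return zlib.crc32(chunk[512:free_space_off]) == data_crc


def iter_records(chunk: bytes):
    """Yield (record_id, filetime, binxml_bytes) for each intact record in a chunk."""
    free_space_off = struct.unpack_from("<I", chunk, 48)[0]
    off = 512
    while off + 24 <= free_space_off and chunk[off:off + 4] == RECORD_MAGIC:
        size, rec_id, filetime = struct.unpack_from("<IQQ", chunk, off + 4)
        # a record is 24 header bytes + BinXML + 4-byte trailing size copy
        if size < 28 or off + size > free_space_off:
            break
        if struct.unpack_from("<I", chunk, off + size - 4)[0] != size:
            break  # leading and trailing sizes disagree: torn or overwritten record
        yield rec_id, filetime, chunk[off + 24:off + size - 4]
        off += size


def carve_chunks(blob: bytes):
    """Return [(offset, chunk_bytes)] for every checksum-valid chunk found in blob."""
    found = []
    pos = blob.find(CHUNK_MAGIC)
    while pos != -1:
        candidate = blob[pos:pos + CHUNK_SIZE]
        if chunk_checksums_ok(candidate):
            found.append((pos, candidate))
            pos = blob.find(CHUNK_MAGIC, pos + CHUNK_SIZE)
        else:
            pos = blob.find(CHUNK_MAGIC, pos + 1)  # false positive: keep scanning
    return found


def build_record(rec_id: int, filetime: int, binxml: bytes) -> bytes:
    """Encode one event record (constructed test data, not from a real log)."""
    size = 24 + len(binxml) + 4
    return RECORD_MAGIC + struct.pack("<IQQ", size, rec_id, filetime) + binxml + struct.pack("<I", size)


def build_chunk(records) -> bytes:
    """Assemble a well-formed chunk with correct CRCs from (rec_id, filetime, binxml) tuples."""
    encoded = [build_record(*r) for r in records]
    body = b"".join(encoded)
    free_space_off = 512 + len(body)
    last_rec_off = free_space_off - len(encoded[-1])
    chunk = bytearray(CHUNK_SIZE)
    chunk[0:8] = CHUNK_MAGIC
    # first/last record number, first/last record ID; header size 128; record offsets
    struct.pack_into("<QQQQ", chunk, 8, records[0][0], records[-1][0], records[0][0], records[-1][0])
    struct.pack_into("<III", chunk, 40, 128, last_rec_off, free_space_off)
    chunk[512:free_space_off] = body
    # data CRC first: it lives inside the header range the header CRC then covers
    struct.pack_into("<I", chunk, 52, zlib.crc32(chunk[512:free_space_off]))
    struct.pack_into("<I", chunk, 124, zlib.crc32(chunk[:120] + chunk[128:512]))
    return bytes(chunk)


def sample_image() -> bytes:
    """Constructed 'unallocated space': junk, a decoy signature with a bogus header, a real chunk."""
    good = build_chunk([
        (1001, 0x01D9_0000_0000_0000, b"\x0f\x01\x01\x00" + b"constructed binxml #1"),
        (1002, 0x01D9_0000_0000_1000, b"\x0f\x01\x01\x00" + b"constructed binxml #2"),
    ])
    junk = b"\x00" * 1000 + b"random slack " * 20
    decoy = CHUNK_MAGIC + b"\xff" * 600   # signature only: must be rejected by the CRC check
    return junk + decoy + junk + good + junk[:77]


if __name__ == "__main__":
    for off, chunk in carve_chunks(sample_image()):
        print(f"chunk at offset {off:#x}")
        for rec_id, filetime, binxml in iter_records(chunk):
            print(f"  record {rec_id} filetime={filetime:#x} payload={len(binxml)} bytes")
```

Against a real disk image or memory dump the same loop works on the file read in windows larger than 64 KiB; the two CRCs are what make signature carving trustworthy, and a chunk whose header CRC passes but whose data CRC fails is the usual sign of a record being written when the image was taken, which is worth reporting rather than silently dropping.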
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.