Collaborative forensic timeline analysis

A toolset to make a system look as if it was the victim of an APT attack

ReversingLabs YARA Rules

Investigate malicious Windows logon by visualizing and analyzing Windows event log

TrustedSec Sysinternals Sysmon Community Guide

A resource containing all the tools each ransomware gangs uses

Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Distributed malware processing framework based on Python, Redis and S3.

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections…

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A framework for orchestrating forensic collection, processing and data export

Sandbox for automated Linux malware analysis.

A repository of curated datasets from various attacks

Fast Incident Response

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Digital Forensics Investigation Platform

Automated YARA Rule Standardization and Quality Assurance Tool

Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis.

A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil…

Arkime is an open source, large scale, full packet capturing, indexing, and database system.

Fast C++ logging library.

✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

Useful resources for SOC Analyst and SOC Analyst candidates.

Helm charts for running open source digital forensic tools in Kubernetes

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.