Top 23 DFIR Open-Source Projects
-
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
-
zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
-
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
-
ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
-
hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
-
Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
-
matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
-
beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)
I have an idea for a similar-style website that I would like to create, and I was going to use GTFOBins as a template and amend it to fit my data, much like LOLBAS has.
Project mention: Suricata VS zeek - a user suggested alternative | libhunt.com/r/suricata | 2024-01-02
Project mention: A fun new feature we are working on in systemd: userspace-only reboot | news.ycombinator.com | 2023-07-06
https://github.com/cugu/awesome-forensics#acquisition : Memory forensics acquisition tools: POFR: PenguinOS Flight Recorder, LIME
Project mention: My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device | /r/computerforensics | 2023-06-06
You should run a tool like Loki for IOC scanning. This will identify persistence. https://github.com/Neo23x0/Loki
Project mention: What are your go-to tools for task management and/or case work? | /r/cybersecurity | 2023-12-09
I had a quick test with TheHive; it looks pretty nice. https://thehive-project.org/
Project mention: Angle-grinder: Slice and dice logs on the command line | news.ycombinator.com | 2024-04-29
There's already a DFIR log tool named chainsaw: https://github.com/WithSecureLabs/chainsaw
I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.
Project mention: Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | news.ycombinator.com | 2024-04-01
> It doesn't matter.
To understand the exact behavior and extent of the backdoor, this does matter. An end-to-end proof of how it works is exactly what was needed.
> A way to check if servers are vulnerable is probably by querying the package manager
Yes, this has been known since the initial report, plus the later discovery of what exact strings are present in the payload.
https://github.com/Neo23x0/signature-base/blob/master/yara/b...
> Not very sophisticated, but it'll work.
Unfortunately, we live in a world with closed servers and appliances; being able, as a customer or pen tester, to rule out a certain class of security issues without having the source or insights available is usually desirable.
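The package-manager style check discussed in the thread above, written out as an added example (this is not code from xzbot, signature-base or any project on this page). It assumes only what CVE-2024-3094 states: the backdoored upstream xz-utils releases are 5.6.0 and 5.6.1. The sample output strings are constructed, and the Debian "+really" suffix handling (a distro-fixed package such as 5.6.1+really5.4.5-1 that keeps a 5.6.x version number) is included because a naive version regex reports it as still affected.

```python
"""Flag xz / liblzma builds whose upstream version is one of the two CVE-2024-3094 releases.

Added example: checks the version reported by the tool and by package-manager output.
It does not look for the payload strings themselves (that is what the signature-base YARA rule does).
"""
import re
import subprocess

# Upstream releases that shipped the build-time backdoor (per the CVE-2024-3094 advisories).
AFFECTED = {"5.6.0", "5.6.1"}

_VERSION = r"(\d+\.\d+\.\d+)"


def upstream_version(text):
    """Return the upstream x.y.z version found in a tool or package-manager line, or None.

    Debian's revert packages are versioned like '5.6.1+really5.4.5-1': the real upstream
    version is the one after '+really', so that form is checked first.
    """
    really = re.search(r"\+really" + _VERSION, text)
    if really:
        return really.group(1)
    plain = re.search(r"\b" + _VERSION, text)
    return plain.group(1) if plain else None


def affected_versions(xz_version_output):
    """Parse `xz --version` output ('xz (XZ Utils) X.Y.Z' and 'liblzma X.Y.Z' lines).

    Returns [(component, version), ...] for every component at an affected version;
    the binary and the library are reported separately because they can differ.
    """
    hits = []
    for line in xz_version_output.splitlines():
        line = line.strip()
        if not line:
            continue
        component = line.split()[0]
        version = upstream_version(line)
        if version in AFFECTED:
            hits.append((component, version))
    return hits


def check_package_manager_line(line):
    """True if one line of dpkg-query / rpm -q style output names an affected upstream version.

    Constructed inputs this handles: 'ii  xz-utils  5.6.1-1  amd64' (affected),
    'ii  xz-utils  5.6.1+really5.4.5-1  amd64' (fixed), 'xz-5.6.0-0.2.fc40.x86_64' (affected).
    """
    version = upstream_version(line)
    return version is not None and version in AFFECTED


def live_check():
    """Run the local xz binary and return its affected components; [] when xz is absent or clean."""
    try:
        result = subprocess.run(["xz", "--version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return []
    return affected_versions(result.stdout)


if __name__ == "__main__":
    for component, version in live_check():
        print(f"{component} {version} is an affected release")
```

A clean version from the package manager or from `xz --version` is only evidence about the package that is installed; on an appliance where you cannot run either, the thread's point stands and you are left with the payload-string signature or a network-level test.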
Project mention: Hayabusa: Sigma-based forensics timeline generator for Windows event logs | news.ycombinator.com | 2024-04-24
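To make concrete what "Sigma-based timeline generator" means, here is an added example that is not Hayabusa's code: a minimal matcher that applies two rules written in Sigma's structure to flat JSON-style Windows event records and emits the hits as a time-ordered timeline. The events are constructed, the logsource-to-channel mapping covers only `process_creation` and the Security log (an assumed subset of what Hayabusa ships), and the condition parser only understands `X` and `X and not Y`.

```python
"""Sigma-style rule matching and timeline generation over Windows event log records (added example)."""
from datetime import datetime
import re

# Constructed records in the flat JSON shape of an EVTX-to-JSON export; not real log data.
SAMPLE_EVENTS = [
    {"TimeCreated": "2024-04-24T10:01:05Z", "Computer": "WS01",
     "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1,
     "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"TimeCreated": "2024-04-24T10:01:07Z", "Computer": "WS01",
     "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"TimeCreated": "2024-04-24T09:59:59Z", "Computer": "WS01", "Channel": "Security",
     "EventID": 4624, "LogonType": 10, "TargetUserName": "alice"},
    {"TimeCreated": "2024-04-24T10:00:30Z", "Computer": "WS01", "Channel": "Security",
     "EventID": 4688, "NewProcessName": "C:\\Windows\\explorer.exe"},
]

# Two rules in Sigma's layout (title/level/logsource/detection); field modifiers use Sigma syntax.
RULES = [
    {"title": "Encoded PowerShell Command Line", "level": "high",
     "logsource": {"product": "windows", "category": "process_creation"},
     "detection": {
         "selection": {"Image|endswith": "\\powershell.exe",
                       "CommandLine|contains": ["-enc", "-encodedcommand"]},
         "filter": {"CommandLine|contains": "Get-Help"},
         "condition": "selection and not filter"}},
    {"title": "Interactive RDP Logon", "level": "medium",
     "logsource": {"product": "windows", "service": "security"},
     "detection": {"selection": {"EventID": 4624, "LogonType": 10}, "condition": "selection"}},
]


def logsource_matches(logsource, event):
    """Assumed subset of the Sigma logsource -> channel/EventID mapping."""
    if logsource.get("category") == "process_creation":
        sysmon = event.get("Channel") == "Microsoft-Windows-Sysmon/Operational" and event.get("EventID") == 1
        security = event.get("Channel") == "Security" and event.get("EventID") == 4688
        return sysmon or security
    if logsource.get("service") == "security":
        return event.get("Channel") == "Security"
    return False


def value_matches(actual, modifier, expected):
    """Lists are OR; strings compare case-insensitively (Sigma semantics); other types by equality."""
    if isinstance(expected, list):
        return any(value_matches(actual, modifier, e) for e in expected)
    if not isinstance(actual, str) or not isinstance(expected, str):
        return actual == expected
    a, e = actual.lower(), expected.lower()
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    return a == e


def selection_matches(selection, event):
    """Every 'Field|modifier' key in a selection must match (AND); a missing field never matches."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event or not value_matches(event[field], modifier, expected):
            return False
    return True


def rule_matches(rule, event):
    """Condition grammar supported here: 'X' or 'X and not Y' (a subset of Sigma's)."""
    if not logsource_matches(rule["logsource"], event):
        return False
    det = rule["detection"]
    m = re.fullmatch(r"(\w+)(?: and not (\w+))?", det["condition"])
    if not m:
        raise ValueError(f"unsupported condition: {det['condition']}")
    positive, negative = m.group(1), m.group(2)
    if not selection_matches(det[positive], event):
        return False
    return negative is None or not selection_matches(det[negative], event)


def build_timeline(events, rules):
    """Run every rule over every event; return hits sorted by event time (the timeline rows)."""
    rows = []
    for ev in events:
        for rule in rules:
            if rule_matches(rule, ev):
                rows.append({
                    "time": datetime.fromisoformat(ev["TimeCreated"].replace("Z", "+00:00")),
                    "computer": ev.get("Computer", ""),
                    "level": rule["level"],
                    "rule": rule["title"],
                    "details": ev.get("CommandLine") or ev.get("TargetUserName") or "",
                })
    return sorted(rows, key=lambda r: r["time"])


if __name__ == "__main__":
    for r in build_timeline(SAMPLE_EVENTS, RULES):
        print(f'{r["time"].isoformat()} | {r["computer"]} | {r["level"]:6} | {r["rule"]} | {r["details"]}')
```

The ordering step is the point of a timeline tool: hits from different channels (a Security logon at 09:59:59, a Sysmon process creation at 10:01:07) are interleaved by event time rather than grouped by source, which is what lets an analyst read the sequence of an intrusion on one host.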
If you're looking to learn on your own, try mikeroyal's digital forensics guide on GitHub. There are a lot of recommended resources there that will speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide
Sorry, that's https://matano.dev
DFIR-related posts
-
Hayabusa: Sigma-based forensics timeline generator for Windows event logs
-
RecuperaBit: A tool for forensic file system reconstruction
-
A fun new feature we are working on in systemd: userspace-only reboot
-
Sysmon 15.0 is out now with advanced features
-
Advanced Hunting queries every admin should use
-
LOOBins
-
Release v2.5.0 🦅 of Hayabusa - Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool
-
31 May 2024
Index
What are some of the best open-source DFIR projects? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | my-arsenal-of-aws-security-tools | 8,757 |
| 2 | awesome-incident-response | 7,184 |
| 3 | LOLBAS | 6,654 |
| 4 | zeek | 5,998 |
| 5 | DetectionLab | 4,476 |
| 6 | ThreatHunter-Playbook | 3,889 |
| 7 | awesome-forensics | 3,642 |
| 8 | Loki | 3,254 |
| 9 | TheHive | 3,166 |
| 10 | IntelOwl | 3,158 |
| 11 | chainsaw | 2,581 |
| 12 | timesketch | 2,511 |
| 13 | sysmon-modular | 2,515 |
| 14 | signature-base | 2,357 |
| 15 | EVTX-ATTACK-SAMPLES | 2,126 |
| 16 | hayabusa | 1,993 |
| 17 | cyberchef-recipes | 1,930 |
| 18 | yeti | 1,644 |
| 19 | MemLabs | 1,520 |
| 20 | Digital-Forensics-Guide | 1,379 |
| 21 | matano | 1,367 |
| 22 | Cortex | 1,258 |
| 23 | beagle | 1,250 |