From 662dbd99047d5a3292f9a2ee453ab5f89a180d77 Mon Sep 17 00:00:00 2001 From: "Keith J. Jones" Date: Wed, 31 Aug 2016 10:37:53 -0400 Subject: [PATCH 1/3] Added two keithjjones tools. --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index c3f4f41..86c9277 100644 --- a/README.md +++ b/README.md @@ -133,6 +133,9 @@ A curated list of tools and resources for security incident response, aimed to h * [Stenographer](https://github.com/google/stenographer) - Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. It stores as much history as it possible, managing disk usage, and deleting when disk limits are hit. It's ideal for capturing the traffic just before and during an incident, without the need explicit need to store all of the network traffic * [traceroute-circl](https://github.com/CIRCL/traceroute-circl) - traceroute-circl is an extended traceroute to support the activities of CSIRT (or CERT) operators. Usually CSIRT team have to handle incidents based on IP addresses received. Created by Computer Emergency Responce Center Luxembourg * [X-Ray 2.0](https://www.raymond.cc/blog/xray/) - A Windows utility (poorly maintained or no longer maintained) to submit virus samples to AV vendors +* [hostintel](https://github.com/keithjjones/hostintel) - Pull intelligence per host +* [fileintel](https://github.com/keithjjones/fileintel) - Pull intelligence per file hash + ### Playbooks From 07b81326dd8744e32d6c2c3d231dad320368872f Mon Sep 17 00:00:00 2001 From: "Keith J. Jones" Date: Wed, 31 Aug 2016 10:44:50 -0400 Subject: [PATCH 2/3] Alphabetized and capitalized. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 86c9277..2a47ea1 100644 --- a/README.md +++ b/README.md 
@@ -124,7 +124,9 @@ A curated list of tools and resources for security incident response, aimed to h * [Crits](https://crits.github.io/) - a web-based tool which combines an analytic engine with a cyber threat database * [Fenrir](https://github.com/Neo23x0/Fenrir) - Fenrir is a simple IOC scanner. It allows scanning any Linux/Unix/OSX system for IOCs in plain bash. Created by the creators of THOR and LOKI +* [Fileintel](https://github.com/keithjjones/fileintel) - Pull intelligence per file hash * [Hindsight](https://github.com/obsidianforensics/hindsight) - Internet history forensics for Google Chrome/Chromium +* [Hostintel](https://github.com/keithjjones/hostintel) - Pull intelligence per host * [Kansa](https://github.com/davehull/Kansa/) - Kansa is a modular incident response framework in Powershell * [rastrea2r](https://github.com/aboutsecurity/rastrea2r) - allows one to scan disks and memory for IOCs using YARA on Windows, Linux and OS X * [RaQet](https://raqet.github.io/) - RaQet is an unconventional remote acquisition and triaging tool that allows triage a disk of a remote computer (client) that is restarted with a purposely built forensic operating system 
@@ -133,8 +135,6 @@ A curated list of tools and resources for security incident response, aimed to h * [Stenographer](https://github.com/google/stenographer) - Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. It stores as much history as it possible, managing disk usage, and deleting when disk limits are hit. It's ideal for capturing the traffic just before and during an incident, without the need explicit need to store all of the network traffic * [traceroute-circl](https://github.com/CIRCL/traceroute-circl) - traceroute-circl is an extended traceroute to support the activities of CSIRT (or CERT) operators. Usually CSIRT team have to handle incidents based on IP addresses received. Created by Computer Emergency Responce Center Luxembourg * [X-Ray 2.0](https://www.raymond.cc/blog/xray/) - A Windows utility (poorly maintained or no longer maintained) to submit virus samples to AV vendors -* [hostintel](https://github.com/keithjjones/hostintel) - Pull intelligence per host -* [fileintel](https://github.com/keithjjones/fileintel) - Pull intelligence per file hash ### Playbooks From 518772feb649c3b45a30416158d215d37087ead3 Mon Sep 17 00:00:00 2001 From: "Keith J. Jones" Date: Tue, 4 Oct 2016 16:10:39 -0400 Subject: [PATCH 3/3] Added cuckoo-modified-api --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2a47ea1..5c7b7d4 100644 --- a/README.md +++ b/README.md 
@@ -151,6 +151,7 @@ A curated list of tools and resources for security incident response, aimed to h * [Cuckoo](https://github.com/cuckoobox) - Open Source Highly configurable sandboxing tool * [Cuckoo-modified](https://github.com/spender-sandbox/cuckoo-modified) - Heavily modified Cuckoo fork developed by community +* [Cuckoo-modified-api](https://github.com/keithjjones/cuckoo-modified-api) - A Python library to control a cuckoo-modified sandbox * [Hybrid-Analysis](https://www.hybrid-analysis.com/) - Hybrid-Analysis is a free powerful online sandbox by Payload Security * [Malwr](https://malwr.com) - Malwr is a free online malware analysis service and community, which is powered by the Cuckoo Sandbox * [Mastiff](https://github.com/KoreLogicSecurity/mastiff) - MASTIFF is a static analysis framework that automates the process of extracting key characteristics from a number of different file formats
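Review bot: In the PATCH 1/3 hunk (`@@ -133,6 +133,9 @@`), the two new entries are appended after `X-Ray 2.0`, at the very end of an otherwise alphabetized list, and are spelled in lowercase (`* [hostintel]`, `* [fileintel]`) where the surrounding entries are capitalized; PATCH 2/3 then moves and recapitalizes them. Squash patches 1 and 2 into one commit so the list never carries the misplaced version in history. The same hunk also adds a third `+` line that is blank, directly before `### Playbooks`; that blank is not removed later in the series, so keep an eye on spacing before the heading.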
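Review bot: In the first hunk of PATCH 2/3 (`@@ -124,7 +124,9 @@`), the descriptions `Pull intelligence per file hash` and `Pull intelligence per host` are much terser than the neighbouring entries (compare Fenrir, Kansa, rastrea2r) and do not say what kind of intelligence is pulled, from where, or in what form it is returned; a reader skimming the list cannot tell these apart from a generic lookup script. Expand each to one sentence in the list's usual style, and note that both repositories are lowercase on GitHub (`keithjjones/fileintel`, `keithjjones/hostintel`) while the list already keeps lowercase project names as-is elsewhere (`rastrea2r`, `traceroute-circl`), so the capitalization to `Fileintel`/`Hostintel` should be a deliberate choice rather than applied only to these two.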
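Review bot: In the second hunk of PATCH 2/3 (`@@ -133,8 +135,6 @@`), only the two `-* [hostintel]` / `-* [fileintel]` lines are deleted; the extra blank line that PATCH 1/3 inserted before `### Playbooks` is left in place, so the file ends up with two blank lines between the `X-Ray 2.0` entry and the heading. Drop that surplus blank line in the same hunk so the patch series is a net no-op for the section's spacing.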
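Review bot: In the PATCH 3/3 hunk (`@@ -151,6 +151,7 @@`), the new `Cuckoo-modified-api` entry sits correctly next to `Cuckoo-modified`, but its description, `A Python library to control a cuckoo-modified sandbox`, leaves it to the repository name to convey that this is an API client rather than another sandbox; the two entries above it are sandboxes, so say explicitly that it is a client library for the cuckoo-modified API and what it lets an analyst do (submit samples, fetch reports, or whatever the project supports) so the entry is useful without following the link.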