Andrew Rathbun
5bc56db6bb
Update README.md
2021-09-15 11:28:32 -04:00
Andrew Rathbun
d2a8d20757
Merge branch 'meirwah:master' into master
2021-09-15 08:39:29 -04:00
Andrew Rathbun
0ea1d71f3f
Update README.md
2021-09-15 07:46:59 -04:00
Meir Wahnon
9d25729b04
Merge pull request #172 from lizardlabs/patch-1
Log Parser Lizard and Event Log Observer are added to the list
2021-09-15 09:56:56 +03:00
Andrew Rathbun
66a98b7cdf
update README.md
2021-09-14 22:01:24 -04:00
Andrew Rathbun
0edb63700e
update README.md
2021-09-14 21:57:09 -04:00
Mathias Stuhlmacher
04dbc3b591
fixed table of contents
2021-07-26 08:58:11 +02:00
Mathias Stuhlmacher
4d15b16088
Merge https://github.com/meirwah/awesome-incident-response into original_master
2021-07-26 08:45:10 +02:00
Mathias Stuhlmacher
7ffb3a998d
changed according to PR comments
2021-07-26 08:38:32 +02:00
Pedro Cunha
650eb9abcf
Book: Intelligence-Driven Incident Response
2021-07-25 18:07:58 +01:00
Pedro Cunha
06dc2aa152
Book: Intelligence-Driven Incident Response
2021-07-25 18:02:33 +01:00
Pedro Cunha
4401aab8fa
Book: Intelligence-Driven Incident Response
2021-07-25 13:18:24 +01:00
Lizard Labs Software
15bd5b7fb2
Update README.md
2021-07-10 01:06:36 +02:00
Paul Masek
fc879a1821
Added "AWS Incident Response Runbook Samples"
2021-06-24 10:30:35 -04:00
Mathias Stuhlmacher
10fced5d21
added book
2021-06-15 23:33:13 +02:00
Mathias Stuhlmacher
7c85f1ee07
added and updated tools and repos
2021-06-15 23:16:49 +02:00
Mathias Stuhlmacher
aaa11a328e
changed DFIRTrack link to reflect move to an organization
2021-06-09 20:11:48 +02:00
V
1635b0a0de
Added some new resources.
2021-06-01 19:09:39 +02:00
V
9740c6ec4f
Added a note for Rekall
Rekall is not maintained anymore and the author archived the repo.
2021-06-01 18:56:40 +02:00
V
962658bc37
Added books in sorted order
2021-06-01 18:48:51 +02:00
V
f9cc1eb5d2
Added new books
2021-06-01 18:43:22 +02:00
Marco
a594e7e878
Update README.md
Adding new SandBox Tool
2021-05-17 09:34:28 +02:00
Meir Wahnon
e6e230551c
Merge pull request #154 from spellanser/patch-1
add AVML memory acquisition tool
2021-03-22 08:44:10 +02:00
Thiago Canozzo Lahr
6b242418a7
upd: UAC tool description updated
Signed-off-by: Thiago Canozzo Lahr <tclahr@br.ibm.com>
2021-02-22 22:58:15 -03:00
Ahmed Elshaer
e7d0d54c68
replacing kolide with fleetdm
positioned in the correct order
2021-01-25 10:21:17 +01:00
Ahmed Elshaer
4bbc34149a
replacing kolide with fleetdm
2021-01-25 09:40:16 +01:00
RDxR10
3cea504804
Fixed some typos :)
2020-10-31 00:28:37 +05:30
Explie
05a18e7b0f
Resolving PR comments
Resolving Review https://github.com/meirwah/awesome-incident-response/pull/158
2020-10-28 16:41:10 +01:00
Explie
cca8e193cc
Updating IOCFinder description, no longer maintained
2020-10-28 13:56:26 +01:00
Explie
ed8a880c4e
Removing TRIAGE-IR, old and unavailable
Source code unavailable. Last deployment Nov 9, 2012
2020-10-28 13:54:15 +01:00
Explie
f925159070
Updating dead RegRipper Link
2020-10-28 13:52:14 +01:00
Explie
6a69cc8d88
Removing Fidelis TS, no longer available
2020-10-28 13:51:13 +01:00
Explie
cc25ebae59
Removing FECT, no longer maintained nor running
Development status
FECT is no longer maintained
2020-10-28 13:49:54 +01:00
Explie
aa6a76b2fe
Removing binforray, no longer available
Replaced by https://ericzimmerman.github.io/
2020-10-28 13:48:58 +01:00
Explie
98b2496fc9
Fixing dead Cuckoo SB Link
2020-10-28 13:44:36 +01:00
Explie
892d4a694c
Updating CAPE with newer Version CAPEv2
2020-10-28 13:44:01 +01:00
Explie
b5cbb95ece
Replacing User Mode Process Dumper with ProcDump
The Microsoft User Mode Process Dumper is no longer available. Alternate Sysinternals Tool would be ProcDump
2020-10-28 13:43:10 +01:00
Explie
22b3932946
Updating KnockKnock Link, no longer open source
2020-10-28 13:40:46 +01:00
Explie
81578c73b2
Removing searchgiant, no longer available
Searchgiant is no longer maintained nor available
2020-10-28 13:38:59 +01:00
Explie
d4e625314c
Updating old rastrea2r link
2020-10-28 13:36:53 +01:00
Explie
3492ba4daa
Fixing broken WindowsSCOPE link
2020-10-28 13:36:05 +01:00
Explie
583b1f397d
Removing KnTTools, no longer available
KnTTools are no longer available. The only leftover artifacts are: https://github.com/yuzhangiot/kntTools
2020-10-28 13:34:06 +01:00
Explie
19cf0b602a
Fixing demisto dead links
Removing dead demisto links and updating with the replacement tool XSOAR
2020-10-28 13:31:25 +01:00
Explie
ec5a86b752
Fixing SCOT Link
Replacing the unstable gov link with the github repo
2020-10-28 13:27:54 +01:00
Explie
57231dfb48
Updating LimaCharlie Link
Updating link to website since community open source version is no longer maintained
2020-10-28 13:25:16 +01:00
Explie
bedf9f56bf
Removing Envdb, replaced by Kolide
Envdb is replaced by Kolide which is already in the list
2020-10-28 13:22:56 +01:00
Thiago Lahr
55c89ddc40
UAC tool added
UAC tool added to the Evidence Collection list.
Signed-off-by: Thiago Lahr <tclahr@br.ibm.com>
2020-10-23 18:18:04 -03:00
Peter Thaleikis
f071a3ddb4
Fixing Memoryze link
2020-10-16 10:41:31 +04:00
Peter Thaleikis
5364372943
Removing "Digital Forensics Framework": website gone
2020-09-30 16:27:49 +04:00
Sarkis Nanyan
820b78c0d6
fix order;
2020-07-23 12:26:38 +03:00
Sarkis Nanyan
fc56a63e03
add AVML memory acquisition tool
2020-07-22 18:40:34 +03:00
fabacab
a1a34dcf1e
Remove Mozilla Investigator (MIG), retired in favor of MozDef.
2020-06-18 14:24:46 -04:00
Meir Wahnon
4787e12d29
Merge pull request #148 from Karneades/patch-4
Add Invoke-LiveResponse to Windows live collection
2020-06-17 08:51:07 +03:00
Meir Wahnon
620b720813
Merge pull request #150 from Karneades/patch-2
Add artifactcollector to evidence collection
2020-06-17 08:50:28 +03:00
Meir Wahnon
abac9a3b57
Merge pull request #151 from stuhli/master
Add some tools
2020-06-17 08:49:34 +03:00
Meir Wahnon
52535d3210
Merge pull request #145 from Karneades/patch-1
Add PowerGRR API client as addition to GRR
2020-06-17 08:46:35 +03:00
Mathias Stuhlmacher
887dd7c188
Add some tools
2020-05-13 18:57:00 +02:00
Andreas Hunkeler
214a965de3
Add artifactcollector to evidence collection
2020-04-06 16:56:52 +02:00
Meir Wahnon
03bb3eacbb
Merge pull request #146 from Karneades/patch-2
Add PowerSponse as containment tool
2020-04-06 12:57:32 +03:00
Meir Wahnon
a5434d71e4
Merge pull request #147 from Karneades/patch-3
Add IRTriage Windows evidence collection tool
2020-04-06 12:53:48 +03:00
Andreas Hunkeler
92f687ae4c
Add CyLR to evidence collection
2020-04-06 11:42:12 +02:00
Andreas Hunkeler
a1a723cd8f
Add Invoke-LiveResponse to Windows live collection
2020-04-06 11:39:43 +02:00
Andreas Hunkeler
214ab6cb1f
Add IRTriage Windows evidence collection tool
2020-04-06 11:36:57 +02:00
Andreas Hunkeler
3a838c67ee
Add PowerSponse as containment tool
2020-04-06 11:33:34 +02:00
Andreas Hunkeler
075d3802af
Add PowerGRR API client as addition to GRR
2020-04-06 11:29:45 +02:00
Philip Tully
d1b2c47647
fixes formatting
2020-03-11 13:14:10 -04:00
Philip Tully
d72ca2cc60
Adds StringSifter
2020-03-11 13:11:37 -04:00
Meir Wahnon
0556ba2c58
update slack community link
2020-01-18 09:51:30 +02:00
Bart
fdef171a92
Update README.md
Add CAPE sandbox.
2019-11-03 14:07:12 +01:00
thefear100
0dc6f6b027
Update README.md
2019-10-31 12:55:35 -07:00
thefear100
6f1131cc0c
Update README.md
2019-10-31 12:55:12 -07:00
thefear100
0ca9d52209
Update README.md
2019-10-30 11:24:20 -07:00
Karol Trociński
2fdb66e00f
Update README.md
2019-10-26 10:07:40 +00:00
Karol Trociński
522e37f639
Add MalConfScan volatility plugin.
2019-10-26 10:00:23 +00:00
actualmermaid
e147176811
Update README.md
2019-10-17 11:38:36 -07:00
Herman Slatman
7cad62c65f
Add DFIR ORC
2019-09-24 10:51:24 +02:00
Bryan Bowie
18bc422371
Update README.md
Added in several new tools as well as removed Malwr as it is no longer available at this time.
2019-09-02 12:40:45 -04:00
Tony Phipps
174faaae58
Update README.md
2019-08-28 07:12:35 -04:00
Tony Phipps
7db1d4b1c0
Update README.md
2019-08-27 23:29:19 -04:00
Alexey Dolgikh
3945bce515
Update README.md
2019-06-03 09:53:54 +03:00
Alexey Dolgikh
e6817c1d19
Update README.md
Adds Kaspersky CyberTrace and Kaspersky Threat Intelligence Portal
2019-05-28 12:15:36 +03:00
Herman Slatman
1a4ab6dcf0
Fix errors after merge
2018-11-27 17:51:52 +01:00
Herman Slatman
045c36b3e9
Merge branch 'master' into hs_sysmon_search
2018-11-27 17:33:34 +01:00
Meitar M
c7366df265
Consistently use sentence casing, fix a typo, shorten verbose items.
This commit continues the work to conform to the Awesome List style
guidelines. In this commit, item descriptions have been checked to
ensure they use sentence casing (first letter of the description must be
capitalized), a typo ("forenisic" -> "forensic") was fixed, and several
overly long descriptions that read too much like marketing material were
shortened to a single sentence for simplicity.
2018-10-03 16:21:23 -04:00
Meitar M
6e4f1accca
Continued style guide conformance fixes.
This commit continues edits to make the list Awesome List conformant.
Specifically, this commit focuses on:
* Removing prepositions ("A," "An," "The," etc) from the start of items.
* Removing duplicated line item names from their descriptions.
* Expanding acronyms of line item names in the link itself.
Again, this is just one step in the process of making the list more
conformant to the Awesome List style guide and should not be considered
an exhaustive treatment.
2018-10-03 15:47:22 -04:00
Meitar M
c7dc47c239
Begin style conformance with new Awesome List guides.
The Awesome List style guide wants listed awesome lists to conform to a
particular style. Their style guide includes numerous items, some of
which are addressed by this commit. The items addressed herein include:
* Name of list as the top-level heading.
* Awesome badge placed to the right of the title, not underneath.
* Description of the list contents.
* All line items should end in appropriate punctuation (like a period).
This is a first pass and should not be considered an exhaustive
accounting of the style guide's recommendations.
2018-10-03 15:44:51 -04:00
Herman Slatman
a3d57c4271
Merge branch 'master' into hs_sysmon_search
2018-10-01 21:12:35 +02:00
Herman Slatman
cb5016d109
Add StreamAlert
2018-10-01 20:14:38 +02:00
Herman Slatman
2b404faf3d
Add SysmonSearch
2018-10-01 20:10:43 +02:00
CIRT Josh
e84f24cc69
Update README.md
2018-08-30 17:31:50 +01:00
CIRT Josh
1fcabb74c4
Merge pull request #1 from meirwah/master
Update
2018-08-30 17:28:40 +01:00
Meitar M
87ae91b21e
Add Scout2, an AWS assessment and (semi-)automated account hardening tool.
2018-08-22 14:00:32 -04:00
Meitar M
8433df3be6
Add Margarita Shotgun, a Python-based remote memory acquisition tool.
2018-08-22 14:00:12 -04:00
Herman Slatman
81805dfaeb
Add Diffy
2018-07-17 22:47:56 +02:00
Binalyze
4626070758
Update README.md
Added the word free.
2018-06-17 22:23:30 +03:00
Binalyze
866884f933
Update README.md
Added IREC into Windows Evidence Collection list.
2018-06-17 22:22:30 +03:00
Meir Wahnon
097454d7b8
Merge pull request #107 from hslatman/hs_adversary_emulation
Add Adversary Emulation section
2018-05-12 09:51:21 -07:00
nogoodconfig
6c38544120
Added PyaraScanner
2018-05-03 15:30:52 +01:00
nogoodconfig
c3320ee0d3
Added PyaraScanner
2018-05-03 15:30:01 +01:00
megan201296
52282a826c
Update README.md
Removed `s` in `https://augmentd.co/ `. augmentd only uses `http`
2018-04-24 17:01:30 -05:00