Tools: Digital Forensics and Incident Response: ptresearch/AttackDetection

2024-06-27 06:02:09 +00:00 · 2018-08-21 21:09:26 +07:00 · 2018-08-21 21:09:26 +07:00 · 4fd370ee93
commit 4fd370ee93
parent 0cccaa7973
1 changed files with 12 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -1225,14 +1225,6 @@ _return-to-libc techniques_
            This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD(Raw), AFF disk image file without converting it, directly with VirtualBox, forensically proof.
        </td>
    </tr>
-    <tr>
-        <td><a href="https://ossec.github.io/">OSSEC</a></td>
-        <td>Open Source HIDS SECurity</td>
-    </tr>
-    <tr>
-        <td><a href="https://github.com/williballenthin/INDXParse">williballenthin/INDXParse</a></td>
-        <td>Tool suite for inspecting NTFS artifacts</td>
-    </tr>
    <tr>
        <td>
            <a href="https://github.com/nshalabi/SysmonTools">nshalabi/SysmonTools</a>
@ -1241,6 +1233,14 @@ _return-to-libc techniques_
            Utilities for Sysmon (Sysmon View and Sysmon Shell)
        </td>
    </tr>
+    <tr>
+        <td><a href="https://ossec.github.io/">OSSEC</a></td>
+        <td>Open Source HIDS SECurity</td>
+    </tr>
+    <tr>
+        <td><a href="https://github.com/ptresearch/AttackDetection">ptresearch/AttackDetection</a>
+        <td>The Attack Detection Team searches for new vulnerabilities and 0-days, reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally, we are interested in malware and hackers’ TTPs, so we develop Suricata rules for detecting all sorts of such activities.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/refractionPOINT/limacharlie">refractionPOINT/limacharlie</a></td>
        <td>LC is an Open Source, cross-platform (Windows, MacOS, Linux ++), realtime Endpoint Detection and Response sensor. The extra-light sensor, once installed on a system provides Flight Data Recorder type information (telemetry on all aspects of the system like processes, DNS, network IO, file IO etc).</td>
@ -1265,6 +1265,10 @@ _return-to-libc techniques_
        <td><a href="https://github.com/williballenthin/EVTXtract">williballenthin/EVTXtract</a></td>
        <td>EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/williballenthin/INDXParse">williballenthin/INDXParse</a></td>
+        <td>Tool suite for inspecting NTFS artifacts</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/williballenthin/process-forest">williballenthin/process-forest</a></td>
        <td>process-forest is a tool that processes Microsoft Windows EVTX event logs that contain process accounting events and reconstructs the historical process heirarchies.</td>