diff --git a/README.md b/README.md index 7badce5..8519ddd 100644 --- a/README.md +++ b/README.md @@ -1225,14 +1225,6 @@ _return-to-libc techniques_ This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD(Raw), AFF disk image file without converting it, directly with VirtualBox, forensically proof. - - OSSEC - Open Source HIDS SECurity - - - williballenthin/INDXParse - Tool suite for inspecting NTFS artifacts - nshalabi/SysmonTools @@ -1241,6 +1233,14 @@ _return-to-libc techniques_ Utilities for Sysmon (Sysmon View and Sysmon Shell) + + OSSEC + Open Source HIDS SECurity + + + ptresearch/AttackDetection + The Attack Detection Team searches for new vulnerabilities and 0-days, reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally, we are interested in malware and hackers’ TTPs, so we develop Suricata rules for detecting all sorts of such activities. + refractionPOINT/limacharlie LC is an Open Source, cross-platform (Windows, MacOS, Linux ++), realtime Endpoint Detection and Response sensor. The extra-light sensor, once installed on a system provides Flight Data Recorder type information (telemetry on all aspects of the system like processes, DNS, network IO, file IO etc). @@ -1265,6 +1265,10 @@ _return-to-libc techniques_ williballenthin/EVTXtract EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images. + + williballenthin/INDXParse + Tool suite for inspecting NTFS artifacts + williballenthin/process-forest process-forest is a tool that processes Microsoft Windows EVTX event logs that contain process accounting events and reconstructs the historical process heirarchies.
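Review bot: In the first hunk (@@ -1225,14 +1225,6 @@) the OSSEC and williballenthin/INDXParse entries are deleted, and both reappear unchanged further down the patch (OSSEC after nshalabi/SysmonTools, INDXParse after williballenthin/EVTXtract), so these are moves for alphabetical ordering rather than removals. State that in the commit message so the deletions in this hunk are not mistaken for dropping two tools from the list, and double-check that the re-added text matches the removed text character for character (it does in the lines shown here).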
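Review bot: In the second hunk (@@ -1241,6 +1233,14 @@) the new ptresearch/AttackDetection description is pasted in the project's own first-person voice ("we are interested in malware and hackers' TTPs, so we develop Suricata rules"), which breaks the style of every neighbouring entry (OSSEC, limacharlie, SysmonTools all describe the tool in the third person), has a number-agreement slip ("searches for new vulnerabilities and 0-days, reproduces it" should be "reproduces them"), and mixes a typographic apostrophe (hackers’) into an otherwise ASCII file. Suggest a short third-person summary such as "Suricata rules and PoC material from the Attack Detection Team for detecting exploitation of known vulnerabilities and malware activity on the network layer", matching the length and register of the OSSEC line above it.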
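Review bot: In the third hunk (@@ -1265,6 +1265,10 @@) the INDXParse entry lands correctly between williballenthin/EVTXtract and williballenthin/process-forest, but the trailing context line for process-forest still reads "historical process heirarchies"; since this change already touches that block, fix the spelling to "hierarchies" in the same commit rather than leaving it for a separate typo fix.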