Awesome-Mirrors/my-infosec-awesome
1
0
Fork 0
mirror of https://github.com/pe3zx/my-infosec-awesome.git synced 2024-12-12 01:24:21 -05:00
Code Issues Packages Projects Releases Wiki Activity

Tools: Digital Forensics and Incident Response: ptresearch/AttackDetection

Browse Source
This commit is contained in:
pe3zx 2018-08-21 21:09:26 +07:00
parent 0cccaa7973
commit 4fd370ee93
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
README.md
View File

@ -1225,14 +1225,6 @@ _return-to-libc techniques_
This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD(Raw), AFF disk image file without converting it, directly with VirtualBox, forensically proof. This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD(Raw), AFF disk image file without converting it, directly with VirtualBox, forensically proof.
</td> </td>
</tr> </tr>
<tr>
<td><a href="https://ossec.github.io/">OSSEC</a></td>
<td>Open Source HIDS SECurity</td>
</tr>
<tr>
<td><a href="https://github.com/williballenthin/INDXParse">williballenthin/INDXParse</a></td>
<td>Tool suite for inspecting NTFS artifacts</td>
</tr>
<tr> <tr>
<td> <td>
<a href="https://github.com/nshalabi/SysmonTools">nshalabi/SysmonTools</a> <a href="https://github.com/nshalabi/SysmonTools">nshalabi/SysmonTools</a>
@ -1241,6 +1233,14 @@ _return-to-libc techniques_
Utilities for Sysmon (Sysmon View and Sysmon Shell) Utilities for Sysmon (Sysmon View and Sysmon Shell)
</td> </td>
</tr> </tr>
<tr>
<td><a href="https://ossec.github.io/">OSSEC</a></td>
<td>Open Source HIDS SECurity</td>
</tr>
<tr>
<td><a href="https://github.com/ptresearch/AttackDetection">ptresearch/AttackDetection</a>
<td>The Attack Detection Team searches for new vulnerabilities and 0-days, reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally, we are interested in malware and hackers TTPs, so we develop Suricata rules for detecting all sorts of such activities.</td>
</tr>
<tr> <tr>
<td><a href="https://github.com/refractionPOINT/limacharlie">refractionPOINT/limacharlie</a></td> <td><a href="https://github.com/refractionPOINT/limacharlie">refractionPOINT/limacharlie</a></td>
<td>LC is an Open Source, cross-platform (Windows, MacOS, Linux ++), realtime Endpoint Detection and Response sensor. The extra-light sensor, once installed on a system provides Flight Data Recorder type information (telemetry on all aspects of the system like processes, DNS, network IO, file IO etc).</td> <td>LC is an Open Source, cross-platform (Windows, MacOS, Linux ++), realtime Endpoint Detection and Response sensor. The extra-light sensor, once installed on a system provides Flight Data Recorder type information (telemetry on all aspects of the system like processes, DNS, network IO, file IO etc).</td>
@ -1265,6 +1265,10 @@ _return-to-libc techniques_
<td><a href="https://github.com/williballenthin/EVTXtract">williballenthin/EVTXtract</a></td> <td><a href="https://github.com/williballenthin/EVTXtract">williballenthin/EVTXtract</a></td>
<td>EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.</td> <td>EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.</td>
</tr> </tr>
<tr>
<td><a href="https://github.com/williballenthin/INDXParse">williballenthin/INDXParse</a></td>
<td>Tool suite for inspecting NTFS artifacts</td>
</tr>
<tr> <tr>
<td><a href="https://github.com/williballenthin/process-forest">williballenthin/process-forest</a></td> <td><a href="https://github.com/williballenthin/process-forest">williballenthin/process-forest</a></td>
<td>process-forest is a tool that processes Microsoft Windows EVTX event logs that contain process accounting events and reconstructs the historical process heirarchies.</td> <td>process-forest is a tool that processes Microsoft Windows EVTX event logs that contain process accounting events and reconstructs the historical process heirarchies.</td>