Browse 1,232 incident response tools
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
Collection of malware persistence information and techniques
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through a command-line interface, supporting Linux distributions and other operating systems via Docker containers.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.
A collection of YARA rules for research and hunting purposes.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
SCOT is a cybersecurity incident tracking and management platform that enables security operations centers to document, analyze, and coordinate responses to security events through collaborative workflows.
Tool for visualizing correspondences between YARA ruleset and samples
SOAR platform for orchestrating security products and automating SOC workflows
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.
An intrusion prevention system for SSH that blocks IP addresses after a set number of consecutive failed login attempts.
Free tools for the CrowdStrike customer community to support their use of the Falcon platform.
A collection of structured incident response playbook battle cards providing prescriptive guidance and countermeasures for cybersecurity incident response operations.
A collection of AWS-native scripts and automation tools for DevSecOps, incident response, and security remediation in cloud environments.
SwishDbgExt is a Microsoft WinDbg debugging extension that enhances debugging capabilities for kernel developers, troubleshooters, and security experts.
Automated collection tool for incident response triage in Windows systems.
Utilizing SIEM, SOAR, and EDR technologies to enhance security operations with a focus on reducing incident response time.
Real-time OSINT monitoring for leaked credentials, data, and infrastructure
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
AI security assurance platform for red-teaming, guardrails & compliance