Incident Response

A framework for accumulating, describing, and classifying actionable Incident Response techniques

Shuffle Automation provides an open-source platform for security orchestration, automation, and response.

Catalyst is a SOAR platform that automates alert handling and incident response procedures through ticket management, templates, and playbooks.

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.

A multithreaded YARA scanner for incident response or malware zoos.

A simple, self-contained modular host-based IOC scanner for incident responders.

JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.

A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.

Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.

COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.

A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.

Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.

A Go-based honeypot server for detecting and logging attacker activity

Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.

The Cybersecurity and Infrastructure Security Agency (CISA) is a government agency that provides alerts, advisories, and resources to help protect the United States' critical infrastructure from cyber threats.

A comprehensive guide for system administrators to detect and identify potential security threats on Windows 2000 systems.

A comprehensive guide to developing an incident response capability through intelligence-based threat hunting, covering theoretical concepts and real-life scenarios.

A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.

Incident Response Documentation tool for tracking findings and tasks.

A serverless SOAR framework for AWS GuardDuty that automatically executes configurable response actions based on security findings and threat severity.

A cybersecurity challenge where you play the role of an incident response consultant investigating an intrusion at Precision Widgets of North Dakota.

A PHP based web application for managing postmortems with pluggable features.

Template-based incident response runbooks for AWS environments following NIST guidelines to help organizations handle common cloud security incidents.