Browse 1,610 incident response tools
Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.
A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.
A honeypot agent for running honeypots with service and data at threatwar.com.
AI-powered endpoint protection, detection, and response platform.
XDR platform with EDR, NGAV, MDR, threat hunting, and incident response.
A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.
Collection of YARA signatures from recent malware research.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A honeytoken-based tripwire for Microsoft's Active Directory to detect privilege escalation attempts.
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
Create checkpoint snapshots of the state of running pods for later off-line analysis.
DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.
A Windows-based workflow automation and case management application that integrates with CrowdStrike Falcon APIs to streamline security operations and incident response processes.
A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
Blue-team capture the flag competition for improving cybersecurity skills.