Untitled Goose Tool
A robust and flexible hunt and incident response tool for investigating AzureAD, Azure, and M365 environments.
This report is intended for incident investigation and explains what logs are recorded and what files are created upon execution of tools/commands that are often used in lateral movement. Updated Contents: While the previous report mainly focused on investigating event logs and registry entries, this updated report also covers other types of logs and files that are created during lateral movement. The report includes analysis results of various tools and commands that are likely to be used by attackers in lateral movement, and provides information on how to identify and analyze these tools and commands. It is intended for incident responders, security analysts, and other professionals involved in incident response and incident investigation.
A modular incident response framework in PowerShell that uses PowerShell Remoting to collect data for incident response and breach hunts.
Migrated Splunk SOAR Connectors to new GitHub organization for better organization and management.
A DFIR Playbook Spec based on YAML for collaborative incident response processes.
Open-source abuse management toolkit for automating and improving the abuse handling process.
A collaborative and open-source incident response platform for sharing observables among analysts.