A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
Stronghold is the easiest way to securely configure your Mac. Designed for macOS Sierra and High Sierra. Not yet tested on macOS Mojave, but I'm working on updating it! Usage: stronghold.py [OPTIONS] Securely configure your Mac. Developed by Aaron Lichtman -> (Github: alichtman) Options: -lockdown Set secure configuration without user interaction. -v Display version and author information and exit. -help, -h Show this message and exit. Installation Options: Install with pip $ pip install stronghold $ stronghold Download the stronghold binary from Releases tab. Configuration Options: Firewall - Turn on Firewall? This helps protect your Mac from being attacked over the internet. Turn on logging? If there IS an infection, logs are useful for determining the source. Turn on stealth mode? Your Mac will not respond to ICMP ping requests or connection attempts from closed TCP and UDP networks. General System Protection: Enable Gatekeeper? Defend against malware by enforcing code signing and verifying downloaded applications before allowing them to run. Prevent automatic software whitelisting? Both built-in and downloaded software will require user approval for whitelisting. Disable Capti
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
Check if your email address has been involved in a data breach.
A DFIR Playbook Spec based on YAML for collaborative incident response processes.
A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.