Pinned Repositories
activity-log-export-automation
Connect Splunk to Azure Activity Log via PowerShell automation
AllthingsTimesketch
This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.
amsi-tracer
Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc.) passed into AMSI during dynamic execution.
auditd
Best Practice Auditd Configuration
Aurora-Incident-Response
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
auto-unlocker
Unlocker for VMware macOS
awesome-memory-forensics
A curated list of awesome Memory Forensics for DFIR
Awesome-Search-Engines-for-Cybersecurity-Researchers
Awesome list of Search Engines for Cybersecurity Researchers
Awesome_Incident_Response
Awesome Incident Response
bitscout
Remote forensics meta tool
herootx's Repositories
herootx/AllthingsTimesketch
This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.
herootx/auditd
Best Practice Auditd Configuration
herootx/Aurora-Incident-Response
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
herootx/bitscout
Remote forensics meta tool
herootx/bmc-tools
RDP Bitmap Cache parser
herootx/bulk_extractor
This is the development tree. Production downloads are at:
herootx/capa
The FLARE team's open-source tool to identify capabilities in executable files.
herootx/CloudFlair
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
herootx/container-diff
container-diff: Diff your Docker containers
herootx/diffoci
diff for Docker and OCI container images
herootx/docker-elk
The Elastic stack (ELK) powered by Docker and Compose.
herootx/elasticsearch-dump
Import and export tools for elasticsearch & opensearch
herootx/elasticsearch-plaso-pipelines
Elasticsearch pipelines for processing and enriching plaso data
herootx/EnScript-Samples
This repository is a collection of EnScript code samples for use in the OpenText EnCase application.
herootx/IPED
IPED Digital Forensic Tool. It is open-source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.
herootx/jamfprotect
A repository for open-source resources created for use with or alongside Jamf Protect.
herootx/ote
Generate Email, Register for anything, Get the OTP/Link
herootx/porch-pirate
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.
herootx/RetrievIR
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
herootx/salt-states
This repository maintains the SaltStack state files for the REMnux distro.
herootx/SysmonForLinux
herootx/Telerecon
A reconnaissance framework for researching and investigating Telegram.
herootx/TheDFIRThing
herootx/threat-intel
Signatures and IoCs from public Volexity blog posts.
herootx/timesketch
Collaborative forensic timeline analysis
herootx/toolkit
The essential toolkit for reversing, malware analysis, and cracking
herootx/uac
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
herootx/volatility3-docker
Volatility, on Docker 🐳
herootx/Windows-Lateral-Movement-Through-EDR
herootx/Windows-Symbol-Tables
Windows symbol tables for Volatility 3