tuttimann

tuttimann's Stars

• mandiant/flare-vm

  A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

  Language:PowerShell6.8k202515936

• InQuest/awesome-yara

  A curated list of awesome YARA rules, tools, and people.

  3.6k17615496

• ufrisk/MemProcFS

  MemProcFS

  Language:C3.3k88325408

• Velocidex/velociraptor

  Digging Deeper....

  Language:Go3k751.2k501

• WithSecureLabs/chainsaw

  Rapidly Search and Hunt through Windows Forensic Artefacts

  Language:Rust3k53110269

• Neo23x0/signature-base

  YARA signature and IOC database for my scanners and tools

  Language:YARA2.5k19797605

• Yamato-Security/hayabusa

  Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  Language:Rust2.4k41676209

• DidierStevens/DidierStevensSuite

  Please no pull requests for this repository. Thanks!

  Language:Python2.1k1280536

• CYB3RMX/Qu1cksc0pe

  All-in-One malware analysis tool.

  Language:YARA1.4k3032188

• redcanaryco/invoke-atomicredteam

  Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.

  Language:PowerShell8705562201

• Neo23x0/munin

  Online hash checker for Virustotal and other services

  Language:Python8174242149

• evild3ad/MemProcFS-Analyzer

  MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

  Language:PowerShell559243660

• evild3ad/Microsoft-Analyzer-Suite

  A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID

  Language:PowerShell38614443

• vm32/Linux-Incident-Response

  practical toolkit for cybersecurity and IT professionals. It features a detailed Linux cheatsheet for incident response

  Language:Shell3846156

• jschicht/Mft2Csv

  Extract $MFT record info and log it to a csv file.

  Language:AutoIt263221230

• evild3ad/Collect-MemoryDump

  Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR

  Language:PowerShell2226229

• jschicht/LogFileParser

  Parser for $LogFile on NTFS

  Language:AutoIt19221428

• jschicht/UsnJrnl2Csv

  Parser for $UsnJrnl on NTFS

  Language:AutoIt10816115

• jschicht/ExtractUsnJrnl

  Tool to extract the $UsnJrnl from an NTFS volume

  Language:AutoIt10513720

• AndrewRathbun/KAPE-EZToolsAncillaryUpdater

  A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools

  Language:PowerShell5410145

• CyberCX-DFIR/usnjrnl_rewind

  USN Journal full path builder

  Language:Python49324

• AndrewRathbun/DFIRPowerShellScripts

  Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!

  Language:PowerShell443715

• jschicht/Indx2Csv

  An advanced parser for INDX records

  Language:AutoIt27504

• 13Cubed/SharpAbeebus

  A GeoIP lookup utility utilizing ipinfo.io services.

  Language:C#21203

• jschicht/MftCarver

  Carve $MFT records from a chunk of data (for instance a memory dump)

  Language:AutoIt16304

• jschicht/UsnJrnlCarver

  Carving Usn pages (UsnJrnl records)

  Language:AutoIt10501

• jschicht/IndxCarver

  Carve INDX records from a chunk of data.

  Language:AutoIt9302