xGolani

xGolani's Stars

• ydkhatri/UnifiedLogReader

  A parser for Unified logging tracev3 files

  Language:Python7916

• mandiant/macos-UnifiedLogs

  Language:Rust20414

• ydkhatri/mac_apt

  macOS (& ios) Artifact Parsing Tool

  Language:Python761100

• CrowdStrike/automactc

  AutoMacTC: Automated Mac Forensic Triage Collector

  Language:Python52174

• cyb3rmik3/KQL-threat-hunting-queries

  A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

  54559

• WithSecureLabs/LinuxCatScale

  Incident Response collection and processing scripts with automated reporting scripts

  Language:Shell25747

• Azure/Azure-Sentinel

  Cloud-native SIEM for intelligent security analytics for your entire enterprise.

  Language:Jupyter Notebook4.5k3k

• vm32/Linux-Incident-Response

  practical toolkit for cybersecurity and IT professionals. It features a detailed Linux cheatsheet for incident response

  Language:Shell35650

• mark-hallman/plaso_filters

  Scripts to facilitate filtering with Plaso

  12425

• log2timeline/plaso

  Super timeline all the things

  Language:Python1.7k334

• microsoft/avml

  AVML - Acquire Volatile Memory for Linux

  Language:Rust85078

• davehull/Kansa

  A Powershell incident response framework

  Language:PowerShell1.5k265

• enigma0x3/Misc-PowerShell-Stuff

  random powershell goodness

  Language:PowerShell440163

• Wra7h/SharpGhosting

  Process Ghosting in C#

  Language:C#21140

• keowu/BadRentdrv2

  A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering them ineffective, working for both x32 and x64(CVE-2023-44976).

  Language:Hack8214

• stuxnet999/EventTranscriptParser

  Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

  Language:Python676

• strozfriedberg/sidr

  Search Index Database Reporter

  Language:Rust875

• Psmths/windows-forensic-artifacts

  Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!

  24925

• jsecurity101/Detecting-Process-Injection-Techniques

  This is a repository that is meant to hold detections for various process injection techniques.

  Language:Jupyter Notebook3210

• Infocyte/PSHunt

  Powershell Threat Hunting Module

  Language:PowerShell27466

• tsale/EDR-Telemetry

  This project aims to compare and evaluate the telemetry of various EDR products.

  Language:Python1.5k144

• gtworek/PSBits

  Simple (relatively) things allowing you to dig a bit deeper than usual.

  Language:C3.2k520

• CiscoCXSecurity/NeoPI

  Language:Python476125

• tstillz/webshell-analyzer

  Web shell scanner and analyzer.

  Language:Go10125

• emposha/Shell-Detector

  Shell Detector – is a application that helps you find and identify php/cgi(perl)/asp/aspx shells. Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%.

  Language:Python401148

• hasherezade/hollows_hunter

  Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

  Language:C2k250

• tclahr/uac

  UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

  Language:Shell742115

• tstillz/webshell-scan

  Simple web shell scanner written in Golang.

  Language:Go8622

• xl7dev/WebShell

  Webshell && Backdoor Collection

  Language:PHP1.8k1k

• Abyss-W4tcher/volatility3-symbols

  Collection of Linux and macOS Volatility3 Intermediate Symbol Files (ISF), suitable for memory analysis 🔍

  Language:Python5312