🏴☠️ BST is an ever-evolving collection of 🛠 tools to help in security and administration day to day tasks 😉
Updated
May 29, 2024 - Python
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Forensic Artifacts Collecting Toolset
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Your Everyday Threat Intelligence
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Warning lists to inform users of MISP about potential false-positives or other information in indicators
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
A curated list of tools for incident response. With repository stars⭐ and forks🍴
IntelOwl: manage your Threat Intelligence at scale
A cross platform forensic parser written in Rust!
Cryptocurrency Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.
Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.