FastFinder – Incident Response – Fast Suspicious File Finder

FastFinder is a lightweight tool made for threat hunting, live forensics and triage on both Windows and Linux Platforms. It is focused on endpoint enumeration and suspicious file finding based on various criterias: file path / name md5 / sha1 / sha256 checksum simple string content match complex content condition(s) based on YARA Ready forRead More

Talisman – By Hooking Into The Pre-Push Hook Provided By Git, Talisman Validates The Outgoing Changeset For Things That Look Suspicious

A tool to detect and prevent secrets from getting checked in What is Talisman? Talisman is a tool that installs a hook to your repository to ensure that potential secrets or sensitive information do not leave the developer’s workstation. It validates the outgoing changeset for things that look suspicious – such as potential SSH keys,Read More

APT-Hunter – Threat Hunting Tool For Windows Event Logs Which Made By Purple Team Mindset To Provide Detect APT Movements Hidden In The Sea Of Windows Event Logs To Decrease The Time To Uncover Suspicious Activity

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity . this tool will make a good use of the windows event logs collected and make sure to notRead More

SkyWrapper – Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS

SkyWrapper is an open-source project which analyzes behaviors of temporary tokens created in a given AWS account. The tool is aiming to find suspicious creation forms and uses of temporary tokens to detect malicious activity in the account. The tool analyzes the AWS account, and creating an excel sheet includes all the currently living temporaryRead More

X