👩💻Rapidly Search and Hunt through Windows Forensic Artefacts
Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows forensic artefacts such as Event Logs and the MFT file. Chainsaw offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in support for Sigma detection rules, and via custom Chainsaw detection rules.
ابزار Chainsaw توسط WithSecure Labs توسعه یافته است که به کاربران اجازه می دهد تا به سرعت رکوردهای event log را جستجو، شکار و استخراج کنند.
ویژگی ها و قابلیت های مختلفی را برای تجزیه و تحلیل گزارش رویدادها در پلتفرم های مختلف مانند ویندوز، MacOS و لینوکس فراهم می کند.
این پروژه که بر اساس sigma rules ها به بررسی لاگ ها و بخش های دیگر سیستم های ویندوز می پردازد ، میتواند حملاتی را که signiture مشخصی ندارند شناسایی و گزارش کند.
🔗https://github.com/WithSecureLabs/chainsaw
@hypersec
#windows #forensics
شرکت دانش بنیان سورین
Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows forensic artefacts such as Event Logs and the MFT file. Chainsaw offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in support for Sigma detection rules, and via custom Chainsaw detection rules.
ابزار Chainsaw توسط WithSecure Labs توسعه یافته است که به کاربران اجازه می دهد تا به سرعت رکوردهای event log را جستجو، شکار و استخراج کنند.
ویژگی ها و قابلیت های مختلفی را برای تجزیه و تحلیل گزارش رویدادها در پلتفرم های مختلف مانند ویندوز، MacOS و لینوکس فراهم می کند.
این پروژه که بر اساس sigma rules ها به بررسی لاگ ها و بخش های دیگر سیستم های ویندوز می پردازد ، میتواند حملاتی را که signiture مشخصی ندارند شناسایی و گزارش کند.
🔗https://github.com/WithSecureLabs/chainsaw
@hypersec
#windows #forensics
شرکت دانش بنیان سورین
GitHub
GitHub - WithSecureLabs/chainsaw: Rapidly Search and Hunt through Windows Forensic Artefacts
Rapidly Search and Hunt through Windows Forensic Artefacts - WithSecureLabs/chainsaw
❤2
🔎ForensicTools🔍
forensictools is a toolkit designed for digital forensics, offering a wide array of tools. Its primary goal is to simplify the creation of a virtual environment for conducting forensic examinations.
فهرستی از تمام ابزار هایی که برای فارنزیک ویندوز میتوانید استفاده کنید .
🔗https://cristian.sh/projects/forensictools.html
🔗https://github.com/cristianzsh/forensictools
@hypersec
#Forensics #windows #tools
تیم سورین
forensictools is a toolkit designed for digital forensics, offering a wide array of tools. Its primary goal is to simplify the creation of a virtual environment for conducting forensic examinations.
فهرستی از تمام ابزار هایی که برای فارنزیک ویندوز میتوانید استفاده کنید .
🔗https://cristian.sh/projects/forensictools.html
🔗https://github.com/cristianzsh/forensictools
@hypersec
#Forensics #windows #tools
تیم سورین
GitHub
GitHub - cristianzsh/forensictools: Collection of forensic tools
Collection of forensic tools. Contribute to cristianzsh/forensictools development by creating an account on GitHub.
🔏Digital Forensics Script for Linux🐧
Advanced Bash script for conducting digital forensics on Linux systems
🌐https://github.com/vm32/Digital-Forensics-Script-for-Linux
#linux #forensics
تیم سورین
Advanced Bash script for conducting digital forensics on Linux systems
🌐https://github.com/vm32/Digital-Forensics-Script-for-Linux
#linux #forensics
تیم سورین
GitHub
GitHub - vm32/Digital-Forensics-Script-for-Linux: Advanced Bash script designed for conducting digital forensics on Linux systems
Advanced Bash script designed for conducting digital forensics on Linux systems - vm32/Digital-Forensics-Script-for-Linux
🕵️ OSINT Tools for gathering information and actions forensics 🕵️
🔗https://github.com/danieldurnea/FBI-tools
#OSINT #forensics
تیم سورین
🔗https://github.com/danieldurnea/FBI-tools
#OSINT #forensics
تیم سورین
GitHub
GitHub - danieldurnea/FBI-tools: 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
🕵️ OSINT Tools for gathering information and actions forensics 🕵️ - GitHub - danieldurnea/FBI-tools: 🕵️ OSINT Tools for gathering information and actions forensics 🕵️
👍1
🛠Hayabusa
ابزار Hayabusa یک شکار تهدید مبتنی بر سیگما و تولید کننده جدول زمانی سریع فارنزیک برای Windows event logs است که توسط گروه امنیتی Yamato توسعه یافته است:
• Cross-platform: Works on Windows, Linux, macOS.
• Simplified forensic timelines.
• MITRE ATT&CK tactics mapping.
• Evtx record carving from slack space.
• Parses and extracts from PowerShell classic logs.
• Multi-threaded for up to 5x speed boost.
🔗https://github.com/Yamato-Security/hayabusa
#windows #tools #forensics
تیم سورین
ابزار Hayabusa یک شکار تهدید مبتنی بر سیگما و تولید کننده جدول زمانی سریع فارنزیک برای Windows event logs است که توسط گروه امنیتی Yamato توسعه یافته است:
• Cross-platform: Works on Windows, Linux, macOS.
• Simplified forensic timelines.
• MITRE ATT&CK tactics mapping.
• Evtx record carving from slack space.
• Parses and extracts from PowerShell classic logs.
• Multi-threaded for up to 5x speed boost.
🔗https://github.com/Yamato-Security/hayabusa
#windows #tools #forensics
تیم سورین
GitHub
GitHub - Yamato-Security/hayabusa: Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows…
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. - Yamato-Security/hayabusa
👍3
🔏Free Digital Forensics Labs, Slides, and Resources!
🔗https://github.com/frankwxu/digital-forensics-lab
#forensics #digital #DFIR
تیم سورین
🔗https://github.com/frankwxu/digital-forensics-lab
#forensics #digital #DFIR
تیم سورین
GitHub
GitHub - frankwxu/digital-forensics-lab: Free hands-on digital forensics labs for students and faculty
Free hands-on digital forensics labs for students and faculty - frankwxu/digital-forensics-lab
❤2
windows forensics.pdf
8.5 MB
👍7❤3🤩1
👩🏼💻hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
تمام فرآیندهای در حال اجرا را اسکن می کند.
https://github.com/hasherezade/hollows_hunter/
#windows #process #forensics
تیم سورین
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
تمام فرآیندهای در حال اجرا را اسکن می کند.
https://github.com/hasherezade/hollows_hunter/
#windows #process #forensics
تیم سورین
GitHub
GitHub - hasherezade/hollows_hunter: Scans all running processes. Recognizes and dumps a variety of potentially malicious implants…
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). - hasherezade/hollows_hunter
👍2
Please open Telegram to view this post
VIEW IN TELEGRAM
👍1🤩1
The Volatility Collaborative GUI for Memory Forensics!
#volatility #memory #tools #forensics
تیم سورین
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - LDO-CERT/orochi: The Volatility Collaborative GUI
The Volatility Collaborative GUI. Contribute to LDO-CERT/orochi development by creating an account on GitHub.
Please open Telegram to view this post
VIEW IN TELEGRAM
by Defensive Security v0.1 [17/05/2024]
#linux #forensics
تیم سورین
Please open Telegram to view this post
VIEW IN TELEGRAM
Linkedin
Soorin on LinkedIn: Advanced Linux Detection and Forensics Cheatsheet
Advanced Linux Detection and Forensics Cheatsheet
#linux #forensics
#linux #forensics
•• یک برگه تقلب حجیم در مورد روش های جستجوی اطلاعات در سیستم عامل ویندوز - به منظور شناسایی حوادث مختلف. این مقاله روند متوالی جمع آوری Artifactها را در رایانه شخصی هک شده شرح می دهد. مطالب به شرح زیر است:
• Typical Forensic investigation flow.
• Tools:
- Acquire artifact’s Tools;
- Forensic analysis tools;
- OS / Linux Distros.
• KAPE cheatsheet:
- KAPE target extraction;
- Memory dump;
- Live response command and scanner;
- All in one artifact parsing;
- Event log / log scanning and parsing;
- Program Execution;
- File folder activity;
- NTFS and FileSystem parsing;
- System activity;
- Mounted image scanner.
• Analysis Findings:
- Live Forensics;
- Memory analysis;
- Disk analysis;
- Windows event logs analysis;
- Triage artifacts parsing and analysis;
- Other Artifacts.
• Lateral Movement Detection and Investigation:
- Credential harvesting;
- File sharing;
- Remote login;
- Remote Execution.
#windows #forensics
تیم سورین
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2👌2
👨🏻💻 Awesome Memory Forensics.
➡️ https://github.com/digitalisx/awesome-memory-forensics
#memory #forensics
تیم سورین
#memory #forensics
تیم سورین
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - digitalisx/awesome-memory-forensics: A curated list of awesome Memory Forensics for DFIR
A curated list of awesome Memory Forensics for DFIR - digitalisx/awesome-memory-forensics