incident-response
Assistance aux victimes de cybermalveillance.
Les experts en gestion de crise cyber du Comcyber-MI appuyés par les réservistes de la gendarmerie nationale se sont associés à Cybermalveillance.gouv.fr pour accompagner les petites et moyennes entreprises, associations et collectivités à faire face aux cyberattaques. Ce MOOC comprend des outils et conseils simples à mettre en oeuvre pour mettre en place ou améliorer le dispositif de gestion de crise cyber au sein de votre organisation.
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
ForensicMiner, a PowerShell-based DFIR automation tool, revolutionizes the field of digital investigations. Designed for efficiency, it automates artifact and evidence collection from Windows machines. Compatibility with Flacon Crowdstrike RTR and Palo Alto Cortex XDR Live Terminal, along with its swift performance and user-friendly interface, makes ForensicMiner an indispensable asset for investigators navigating the complexities of forensic analysis. Streamlined and effective, this tool sets a new standard in the realm of digital forensics.
Enterprise Incident Response Toolkit.
Cross-platform incident response toolkit. 28 pre-built use cases, single binary, zero install. Memory, disk, network, and cloud collection with automated timeline generation.
Cross-platform DFIR toolkit for enterprise incident response. Velociraptor-native, air-gap compatible, portable — no installation required.
VanGuard is a self-contained incident response toolkit built in Go that gives DFIR teams a single binary for triage, threat hunting, memory forensics, disk collection, remote operations, and Velociraptor management — on both Windows and Linux, with or without network access.
Kanvas for Incident Response.
A DF/IR case management tool that provides a unified workspace for investigators enabling key workflows to be completed without switching between multiple applications.
a Scalable, Open Source and Free Security Incident Response Platform.
TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. It is the perfect companion to MISP. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation's results as a MISP event to help your peers detect and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundred of observables.
Source: Savez-vous ce qui est un OpenVOC ? @ Florian Dudaev's LinkedIn :fr:.
Incident Management for Everyone. crisis management orchestration framework.
Open-source hospital crisis management platform — multi-site, multi-language.
It is a complete, mature, ready-to-deploy platform that gives crisis directors, CISOs, medical coordinators, and supervisors the structured information they need — without requiring a cloud, a vendor contract, or a six-month integration project.
Related contents:
FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents - reactive as well as proactive.
FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.
Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments. Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT).
Powershell Based tool for gathering information related to O365 intrusions and potential Breaches
Lambda function that streamlines containment of an AWS account compromise.
AWS Kill Switch is a Lambda function (and proof of concept client) that an organization can implement in a dedicated "Security" account to give their security engineers the ability to delete IAM roles or apply a highly restrictive service control policy (SCP) on any account in their organization.
All-in-One malware analysis tool.
All-in-One malware analysis tool for analyze many file types, from Windows binaries to E-Mail files.
Collaborative forensic timeline analysis.
Timesketch is an open-source tool for collaborative forensic timeline analysis. Using sketches you and your collaborators can easily organize your timelines and analyze them all at the same time. Add meaning to your raw data with rich annotations, comments, tags and stars.
Velociraptor is an advanced digital forensic and incident response tool that enhances your visibility into your endpoints.
Velociraptor is a tool for collecting host based state information using The Velociraptor Query Language (VQL) queries.
Stop trying to avoid phishing. Choose a weapon and fight it...
PhishTool gives human analysts the power to reverse engineer phishing emails, to better defend against them. PhishTool is to phishing emails as a disassembler is to malware or a forensic toolkit is to file systems.
Open-Source Collaborative Incident Response Platform. Created by incident responders for incident responders.
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations.
An open-source incident management tool supporting multi-channel alerting, customizable messages, and on-call integrations.