PurpleCloud
hashlookup-forensic-analyser
PurpleCloud | hashlookup-forensic-analyser | |
---|---|---|
1 | 5 | |
481 | 116 | |
- | 3.4% | |
5.5 | 5.5 | |
3 months ago | 8 months ago | |
Python | Python | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PurpleCloud
-
Anyone have experience building a Windows AD lab environment in Docker?
We looked into pre-configured, plug-and-play options. One project (leveraging Ansible) is called PurpleCloud. Probably because running even a handful of Windows VMs on a PC can get pretty slow, pretty fast, their project spins this network up on Azure. However, the estimated monthly cost of the cloud resources is not attractive; over $300 per month. While it's true that we would not need to run the lab every day resulting in lower cost, I think we would want to run new tests fairly often, especially if multiple analysts are using it (and I already know the burn of forgetting an EC2 instance on for a week or two).
hashlookup-forensic-analyser
- hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
- Hashlookup-Forensic-Analyser
- Hashlookup forensic analyser version 0.8 released including a report functionality
- Hashlookup forensic analyser – finding known files for digital forensic triage
What are some alternatives?
invoke-atomicredteam - Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
APT-Hunter - APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
OpenSIEM-Logstash-Parsing - SIEM Logstash parsing for more than hundred technologies
threathunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
ansible-pentest-deploy - Using Ansible as an orchestrator, this project is another solution for testers looking to configure and deploy a new VM or VPS box with the tools that they need for penetration testing.
RELY - RELY (Name composed on project members Romy, Esther, Lucille and Yassir) is a python tool developed to help a Digital Forensics Triage procedure on some Microsoft Windows devices.
jupyter2kibana - A Workflow for Data Scientists to bring Jupyter Notebook Visualizations to Kibana Dashboards
python-bloom-filter - Bloom filter for Python
misp-warninglists - Warning lists to inform users of MISP about potential false-positives or other information in indicators