hashlookup-forensic-analyser
PurpleCloud
Our great sponsors
| hashlookup-forensic-analyser | PurpleCloud | |
|---|---|---|
| 5 | 1 | |
| 113 | 472 | |
| 1.8% | - | |
| 5.5 | 5.5 | |
| 7 months ago | about 2 months ago | |
| Python | Python | |
| GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hashlookup-forensic-analyser
- hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
- Hashlookup-Forensic-Analyser
- Hashlookup forensic analyser version 0.8 released including a report functionality
- Hashlookup forensic analyser – finding known files for digital forensic triage
PurpleCloud
-
Anyone have experience building a Windows AD lab environment in Docker?
We looked into pre-configured, plug-and-play options. One project (leveraging Ansible) is called PurpleCloud. Probably because running even a handful of Windows VMs on a PC can get pretty slow, pretty fast, their project spins this network up on Azure. However, the estimated monthly cost of the cloud resources is not attractive; over $300 per month. While it's true that we would not need to run the lab every day resulting in lower cost, I think we would want to run new tests fairly often, especially if multiple analysts are using it (and I already know the burn of forgetting an EC2 instance on for a week or two).
What are some alternatives?
APT-Hunter - APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
invoke-atomicredteam - Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
threathunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
OpenSIEM-Logstash-Parsing - SIEM Logstash parsing for more than hundred technologies
RELY - RELY (Name composed on project members Romy, Esther, Lucille and Yassir) is a python tool developed to help a Digital Forensics Triage procedure on some Microsoft Windows devices.
jupyter2kibana - A Workflow for Data Scientists to bring Jupyter Notebook Visualizations to Kibana Dashboards
python-bloom-filter - Bloom filter for Python
ansible-pentest-deploy - Using Ansible as an orchestrator, this project is another solution for testers looking to configure and deploy a new VM or VPS box with the tools that they need for penetration testing.
misp-warninglists - Warning lists to inform users of MISP about potential false-positives or other information in indicators