The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

The interactive graphing library for Python ✨ This project now includes Plotly Express!

An advanced memory forensics framework

The FLARE team's open-source tool to identify capabilities in executable files.

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

Collaborative forensic timeline analysis

Volatility 3.0 development

Rekall Memory Forensic Framework

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

Super timeline all the things

Actionable analytics designed to combat threats

Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.

FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

Cuckoo 3 is a Python 3 open source automated malware analysis system.

Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)

Yet another Ransomware gang tracker

A framework for orchestrating forensic collection, processing and data export

DFIQ is a collection of investigative questions and the approaches for answering them

Detect AI-generated text [relatively] quickly via compression ratios

Open Discourse is the first fully comprehensive corpus of the plenary proceedings of the federal German Parliament (Bundestag).

🔤 Measure edit distance based on keyboard layout

companion to our book of the same name, ISBN: 9781394199884

Converting data from services like Censys and Shodan to a common data model

FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use.

pySigma Elasticsearch backend

Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273)

This project is to score IoCs based on the LowRegret model.