Awesome List Updates on Oct 03, 2018

19 awesome lists updated today.

🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor

1. Awesome Embedded Rust

Board support crates / STMicroelectronics

stm32f407g-disc Board Support Crate for the STM32F4DISCOVERY (WIP) -

stm32f429i-disc Board Support Crate for the STM32F429DISCOVERY (WIP) -

2. Awesome Db Tools

CLI

pg_activity (⭐2.3k) - Top-like application for PostgreSQL server activity monitoring.

3. Awesome Incident Response

IR Tools Collection / Adversary Emulation

APTSimulator (⭐2.3k) - Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised.

Caldera (⭐5k) - Automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project.

DumpsterFire (⭐955) - Modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations.

Metta (⭐1.1k) - Information security preparedness tool to do adversarial simulation.

Network Flight Simulator (⭐1.2k) - Lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility.

RedHunt-OS (⭐1.2k) - Virtual machine for adversary emulation and threat hunting.

IR Tools Collection / All-In-One Tools

Belkasoft Evidence Center - The toolkit will quickly extract digital evidence from multiple sources by analyzing hard drives, drive images, memory dumps, iOS, Blackberry and Android backups, UFED, JTAG and chip-off dumps.

CimSweep (⭐633) - Suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.

CIRTkit (⭐140) - CIRTKit is not just a collection of tools, but also a framework to aid in the ongoing unification of Incident Response and Forensics investigation processes.

Doorman (⭐612) - osquery fleet manager that allows remote management of osquery configurations retrieved by nodes. It takes advantage of osquery's TLS configuration, logger, and distributed read/write endpoints, to give administrators visibility across a fleet of devices with minimal overhead and intrusiveness.

Falcon Orchestrator (⭐182) - Extendable Windows-based application that provides workflow automation, case management and security response functionality.

MozDef (⭐2.2k) - Automates the security incident handling process and facilitate the real-time activities of incident handlers.

Open Computer Forensics Architecture - Another popular distributed open-source computer forensics framework. This framework was built on Linux platform and uses postgreSQL database for storing data.

osquery - Easily ask questions about your Linux and macOS infrastructure using a SQL-like query language; the provided incident-response pack helps you detect and respond to breaches.

Redline - Provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile.

The Sleuth Kit & Autopsy - Unix and Windows based tool which helps in forensic analysis of computers. It comes with various tools which helps in digital forensics. These tools help in analyzing disk images, performing in-depth analysis of file systems, and various other things.

TheHive - Scalable 3-in-1 open source and free solution designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.

X-Ways Forensics - Forensics tool for Disk cloning and imaging. It can be used to find deleted files and disk analysis.

Zentral (⭐714) - Combines osquery's powerful endpoint inventory features with a flexible notification and action framework. This enables one to identify and react to changes on OS X and Linux clients.

IR Tools Collection / Windows Evidence Collection

Cyber Triage - Cyber Triage has a lightweight collection tool that is free to use. It collects source files (such as registry hives and event logs), but also parses them on the live host so that it can also collect the executables that the startup items, scheduled, tasks, etc. refer to. It's output is a JSON file that can be imported into the free version of Cyber Triage. Cyber Triage is made by Sleuth Kit Labs, which also makes Autopsy.

AChoir (⭐175) - Framework/scripting tool to standardize and simplify the process of scripting live acquisition utilities for Windows.

Crowd Response - Lightweight Windows console application designed to aid in the gathering of system information for incident response and security engagements. It features numerous modules and output formats.

Fibratus (⭐2k) - Tool for exploration and tracing of the Windows kernel.

Panorama (⭐38) - Fast incident overview on live Windows systems.

PowerForensics (⭐1.3k) - Live disk forensics platform, using PowerShell.

PSRecon (⭐469) - PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally.

IR Tools Collection / Disk Image Creation Tools

AccessData FTK Imager - Forensics tool whose main purpose is to preview recoverable data from a disk of any kind. FTK Imager can also acquire live memory and paging file on 32bit and 64bit systems.

GetData Forensic Imager - Windows based program that will acquire, convert, or verify a forensic image in one of the following common forensic file formats.

Guymager - Free forensic imager for media acquisition on Linux.

IR Tools Collection / Evidence Collection

bulk_extractor (⭐957) - Computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. Because of ignoring the file system structure, the program distinguishes itself in terms of speed and thoroughness.

Cold Disk Quick Response (⭐325) - Streamlined list of parsers to quickly analyze a forensic image file (dd, E01, .vmdk, etc) and output nine reports.

ir-rescue (⭐445) - Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

IR Tools Collection / Incident Management

CyberCPR - Community and commercial incident management tool with Need-to-Know built in to support GDPR compliance while handling sensitive incidents.

Fast Incident Response (FIR) (⭐1.6k) - Cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents and is useful for CSIRTs, CERTs and SOCs alike.

RTIR - Request Tracker for Incident Response (RTIR) is the premier open source incident handling system targeted for computer security teams. We worked with over a dozen CERT and CSIRT teams around the world to help you handle the ever-increasing volume of incident reports. RTIR builds on all the features of Request Tracker.

threat_note (⭐422) - Lightweight investigation notebook that allows security researchers the ability to register and retrieve indicators related to their research.

IR Tools Collection / Linux Distributions

The Appliance for Digital Investigation and Analysis (ADIA) - VMware-based appliance used for digital investigation and acquisition and is built entirely from public domain software. Among the tools contained in ADIA are Autopsy, the Sleuth Kit, the Digital Forensics Framework, log2timeline, Xplico, and Wireshark. Most of the system maintenance uses Webmin. It is designed for small-to-medium sized digital investigations and acquisitions. The appliance runs under Linux, Windows, and Mac OS. Both i386 (32-bit) and x86_64 (64-bit) versions are available.

Computer Aided Investigative Environment (CAINE) - Contains numerous tools that help investigators during their analysis, including forensic evidence collection.

CCF-VM (⭐480) - CyLR CDQR Forensics Virtual Machine (CCF-VM): An all-in-one solution to parsing collected data, making it easily searchable with built-in common searches, enable searching of single and multiple hosts simultaneously.

NST - Network Security Toolkit - Linux distribution that includes a vast collection of best-of-breed open source network security applications useful to the network security professional.

Security Onion (⭐3k) - Special Linux distro aimed at network security monitoring featuring advanced analysis tools.

SANS Investigative Forensic Toolkit (SIFT) Workstation - Demonstrates that advanced incident response capabilities and deep dive digital forensic techniques to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.

IR Tools Collection / Log Analysis Tools

StreamAlert (⭐2.8k) - Serverless, real-time log data analysis framework, capable of ingesting custom data sources and triggering alerts using user-defined logic.

IR Tools Collection / Memory Analysis Tools

Evolve (⭐257) - Web interface for the Volatility Memory Forensics Framework.

inVtero.net (⭐276) - Advanced memory analysis for Windows x64 with nested hypervisor support.

LiME (⭐1.6k) - Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, formerly called DMD.

Memoryze - Free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis.

Responder PRO - Responder PRO is the industry standard physical memory and automated malware analysis solution.

Volatility (⭐6.8k) - Advanced memory forensics framework.

VolatilityBot (⭐260) - Automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis investigation.

VolDiff (⭐189) - Malware Memory Footprint Analysis based on Volatility.

IR Tools Collection / Memory Imaging Tools

Belkasoft Live RAM Capturer - Tiny free forensic tool to reliably extract the entire content of the computer’s volatile memory – even if protected by an active anti-debugging or anti-dumping system.

Linux Memory Grabber (⭐257) - Script for dumping Linux memory and creating Volatility profiles.

Magnet RAM Capture - Free imaging tool designed to capture the physical memory of a suspect’s computer. Supports recent versions of Windows.

IR Tools Collection / OSX Evidence Collection

macOS Artifact Parsing Tool (mac_apt) (⭐690) - Plugin based forensics framework for quick mac triage that works on live machines, disk images or individual artifact files.

OSX Auditor (⭐3.1k) - Free Mac OS X computer forensics tool.

OSX Collector (⭐1.9k) - OSX Auditor offshoot for live response.

IR Tools Collection / Other Lists

List of various Security APIs (⭐826) - Collective list of public JSON APIs for use in security.

IR Tools Collection / Other Tools

Crits - Web-based tool which combines an analytic engine with a cyber threat database.

Diffy (⭐633) - DFIR tool developed by Netflix's SIRT that allows an investigator to quickly scope a compromise across cloud instances (Linux instances on AWS, currently) during an incident and efficiently triaging those instances for followup actions by showing differences against a baseline.

domfind (⭐20) - Python DNS crawler for finding identical domain names under different TLDs.

Fileintel (⭐112) - Pull intelligence per file hash.

HELK (⭐3.7k) - Threat Hunting platform.

Hindsight (⭐982) - Internet history forensics for Google Chrome/Chromium.

Hostintel (⭐257) - Pull intelligence per host.

imagemounter (⭐109) - Command line utility and Python package to ease the (un)mounting of forensic disk images.

RaQet - Unconventional remote acquisition and triaging tool that allows triage a disk of a remote computer (client) that is restarted with a purposely built forensic operating system.

Stalk - Collect forensic data about MySQL when problems occur.

Stenographer (⭐1.8k) - Packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. It stores as much history as it possible, managing disk usage, and deleting when disk limits are hit. It's ideal for capturing the traffic just before and during an incident, without the need explicit need to store all of the network traffic.

sqhunter (⭐65) - Threat hunter based on osquery and Salt Open (SaltStack) that can issue ad-hoc or distributed queries without the need for osquery's tls plugin. sqhunter allows you to query open network sockets and check them against threat intelligence sources.

X-Ray 2.0 - Windows utility (poorly maintained or no longer maintained) to submit virus samples to AV vendors.

IR Tools Collection / Playbooks

IRM (⭐804) - Incident Response Methodologies by CERT Societe Generale.

IR Tools Collection / Process Dump Tools

PMDump - Tool that lets you dump the memory contents of a process to a file without stopping the process.

IR Tools Collection / Sandboxing/Reversing Tools

Cuckoo-modified (⭐386) - Heavily modified Cuckoo fork developed by community.

Cuckoo-modified-api (⭐18) - Python library to control a cuckoo-modified sandbox.

Mastiff (⭐169) - Static analysis framework that automates the process of extracting key characteristics from a number of different file formats.

Viper (⭐1.5k) - Python based binary analysis and management framework, that works well with Cuckoo and YARA.

Virustotal - Free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners.

Visualize_Logs (⭐134) - Open source visualization library and command line tools for logs (Cuckoo, Procmon, more to come).

IR Tools Collection / Timeline Tools

Highlighter - Free Tool available from Fire/Mandiant that will depict log/text file that can highlight areas on the graphic, that corresponded to a key word or phrase. Good for time lining an infection and what was done post compromise.

Morgue (⭐1k) - PHP Web app by Etsy for managing postmortems.

Plaso (⭐1.6k) - a Python-based backend engine for the tool log2timeline.

Timesketch (⭐2.4k) - Open source tool for collaborative forensic timeline analysis.

IR Tools Collection / Videos

The Future of Incident Response - Presented by Bruce Schneier at OWASP AppSecUSA 2015.

4. Awesome Netherlands Events

Rotterdam

EuRuKo - An annual European conference about Ruby (2019).

Amsterdam

Lead Developers Amsterdam - For Lead Developers, Tech Leads, Chapter Leads and Senior Engineers heading towards Lead positions.

DevOps Day Amsterdam - Development, operations, QA, InfoSec, management, and leadership.

5. Awesome Machine Learning

Java / General-Purpose Machine Learning

liblinear-java (⭐308) - Java version of liblinear.

6. Alternative Internet

Collaborative Web Editors

Kune is based on Apache Wave and is a free/open source distributed social network focused on collaboration rather than just on communication. That is, it focuses on online real-time collaborative editing, decentralized social networking and web publishing, while focusing on workgroups rather than just on individuals.

SwellRT is a Real-time text editor and collaboration API for HTML/JavaScript and Android. It is the only open source decentralized-federated framework to build collaborative applications.

7. Awesome Board Games

Family

Ticket to Ride

...a cross-country train adventure where players collect cards of various types of train cars that enable them to claim railway routes connecting cities in various countries around the world.

Players	Min. Age	Time
2 - 5	8	30-60m

Strategy

Mansions of Madness, 2nd ed

A fully cooperative, app-driven board game of horror and mystery for one to five players that takes place in the same universe as Eldritch Horror and Elder Sign. Explore the veiled streets of Innsmouth and the haunted corridors of Arkham's cursed mansions as you search for answers as you investigate four scenarios of fear and mystery. Collect weapons, tools, and information, solving complex puzzles, and fighting monsters, insanity, and death.

Mansions of Madness game image

Players	Min. Age	Time
1 - 5	14	120-180m

Party

Heist: One Team, One Mission

In this co-operative electronic game, players take on the roles of different characters -- Money Man, Hacker, Lookout, or Explosives Expert -- and work together to open an electronic safe and grab $50 million in cold hard cash along the way.

Heist game image

Players	Min. Age	Time
2 - 4	7	5-15m

8. Awesome Salesforce

Table of Contents / Packages and Libraries supporting salesforce

Force DI (⭐203) - Generic dependency injection (DI) library with support for injecting Apex, Visualforce, Lightning, and Flows at runtime.

9. Awesome Rest

Querying / Symfony2

HTTP Prompt (⭐8.7k) - HTTP Prompt is an interactive command-line HTTP client featuring autocomplete and syntax highlighting, built on HTTPie and prompt_toolkit.