Repositories list

• chainsaw

  Public
  Rapidly Search and Hunt through Windows Forensic Artefacts

  rustattacklogs+ 10forensicsdfirsigmablueteamchainsawcounterceptwindows+ 3

  Rust

  •

  GNU General Public License v3.0

  •287•3.2k•11•2•Updated Jul 5, 2025Jul 5, 2025

• Kanvas

  Public
  A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.

  incident-responseincident-managementincident-response-tooling+ 1dfir-tools

  Python

  •

  GNU General Public License v3.0

  •9•55•0•0•Updated Jul 3, 2025Jul 3, 2025

• iocs

  Public
  Python

  •

  BSD 2-Clause "Simplified" License

  •4•15•0•0•Updated Jun 26, 2025Jun 26, 2025

• CallStackSpoofer

  Public
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)

  spoofercountercept

  C++

  •

  Apache License 2.0

  •68•502•1•0•Updated Apr 8, 2025Apr 8, 2025

• tau-engine

  Public
  A document tagging library

  yamlrule-enginetau+ 3counterceptdetection-enginerust

  Rust

  •

  MIT License

  •4•30•0•0•Updated Mar 27, 2025Mar 27, 2025

• deject

  Public
  Memory dump and Sample analysis tool

  Python

  •

  GNU General Public License v3.0

  •1•13•0•0•Updated Mar 17, 2025Mar 17, 2025

• mongo-rs

  Public
  A higher-level wrapper on top of the official bson & mongodb crates.

  counterceptrustmongodb

  Rust

  •

  MIT License

  •5•16•5•0•Updated Dec 3, 2024Dec 3, 2024

• python-exe-unpacker

  Public
  A helper script for unpacking and decompiling EXEs compiled from python code.

  unpackercountercept

  Python

  •

  GNU General Public License v3.0

  •341•952•18•4•Updated Aug 15, 2024Aug 15, 2024

• LinuxCatScale

  Public
  Incident Response collection and processing scripts with automated reporting scripts

  linuxcollectionincident-response+ 2triagecountercept

  Shell

  •

  GNU General Public License v3.0

  •56•305•0•0•Updated Jun 25, 2024Jun 25, 2024

• hl7magic

  Public
  A Burp extension to allow for easy modification of HL7 messages sent to and from medical devices.

  Python

  •

  Apache License 2.0

  •2•6•0•0•Updated Mar 25, 2024Mar 25, 2024

• opencti-attribution-tools

  Public
  Python

  •0•0•0•0•Updated Sep 11, 2023Sep 11, 2023

• snake

  Public
  snake - a malware storage zoo

  pythonsnakecountercept

  Shell

  •

  BSD 3-Clause "New" or "Revised" License

  •40•216•4•0•Updated Jul 11, 2023Jul 11, 2023

• snake-skin

  Public
  snake-skin - the web ui for snake

  sveltesnakecountercept

  Svelte

  •3•3•0•20•Updated Jul 11, 2023Jul 11, 2023

• snake-core

  Public
  snake-core - the real snake

  pythonsnakecountercept

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •6•15•6•6•Updated Jul 11, 2023Jul 11, 2023

• snake-scales

  Public
  snake-scales - the default repository of snake scales

  snakecounterceptsnake-scales+ 1python

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •4•7•1•0•Updated Jul 10, 2023Jul 10, 2023

• GarbageMan

  Public
  GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.

  C++

  •

  MIT License

  •15•116•0•0•Updated Apr 8, 2023Apr 8, 2023

• datamate

  Public
  netflowdata-visualizationcountercept

  Python

  •2•7•0•0•Updated Mar 24, 2023Mar 24, 2023

• detectree

  Public
  Data visualization for blue teams

  detectionvisualisationsvelte+ 1countercept

  Svelte

  •

  GNU General Public License v3.0

  •5•126•0•0•Updated Jan 20, 2023Jan 20, 2023

• soccrates_adapters

  Public
  Helpers for adapting data from Elements Vulnerability Management to be used in Soccrates EU project

  python

  Python

  •

  Apache License 2.0

  •0•0•0•0•Updated Nov 28, 2022Nov 28, 2022

• TickTock

  Public
  C++

  •16•111•1•0•Updated Oct 10, 2022Oct 10, 2022

• dreamer

  Public
  Easier cloud infrastructure with Terraform and Ansible

  pythonansibledevops+ 2automationterraform

  Python

  •

  MIT License

  •1•4•0•0•Updated Sep 9, 2022Sep 9, 2022

• ESFang

  Public
  ESF modular ingestion tool for development and research.

  countercept

  Objective-C

  •7•36•0•0•Updated Dec 21, 2021Dec 21, 2021

• FLAIR

  Public
  F-Secure Lightweight Acqusition for Incident Response (FLAIR)

  windowsforensicstriage

  Batchfile

  •

  GNU General Public License v3.0

  •1•16•0•0•Updated Jul 5, 2021Jul 5, 2021

• macOSTriageCollectionScript

  Public
  A triage data collection script for macOS

  collectionincident-responsetriage+ 1countercept

  Shell

  •

  GNU General Public License v3.0

  •5•28•0•0•Updated Nov 27, 2020Nov 27, 2020

• lazarus-sigma-rules

  Public
  lazarusrulessigma+ 1countercept

  3•19•0•0•Updated Oct 23, 2020Oct 23, 2020

• snake-tail

  Public
  snake-tail - the command line ui for snake

  snakecountercept

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •3•1•2•0•Updated Aug 16, 2020Aug 16, 2020

• ppid-spoofing

  Public
  Scripts for performing and detecting parent PID spoofing

  spoofingcountercept

  PowerShell

  •

  BSD 3-Clause "New" or "Revised" License

  •20•147•0•1•Updated May 16, 2020May 16, 2020

• AMSIDetection

  Public
  AMSI detection PoC

  countercept

  C#

  •6•32•0•0•Updated Apr 14, 2020Apr 14, 2020

• RemotePSpy

  Public
  RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell which do not have comprehensive logging facilities built in.

  countercept

  Python

  •

  Other

  •11•19•0•1•Updated Mar 12, 2020Mar 12, 2020

• doublepulsar-detection-script

  Public
  A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

  scriptsecurity-scannersecurity-tools+ 2doublepulsarcountercept

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •315•1k•8•3•Updated Feb 3, 2020Feb 3, 2020