Stars
Sentinel is a language and framework for policy built to be embedded in existing software to enable fine-grained, logic-based policy decisions. This repository contains a library of Sentinel polici…
Six Degrees of Domain Admin
🚀 PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and se…
CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.
Distributed & real time digital forensics at the speed of the cloud
Empire is a PowerShell and Python post-exploitation agent.
james-baud / rekall
Forked from google/rekall
Rekall Memory Forensic Framework
james-baud / osxcollector
Forked from Yelp/osxcollector
A forensic evidence collection & analysis toolkit for OS X
[Project ended] rkt is a pod-native container engine for Linux. It is composable, secure, and built on standards.
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
Dockerfiles to be used to create Dockerhub trusted builds of NetflixOSS
SQL powered operating system instrumentation, monitoring, and analytics.
Various public documents, whitepapers and articles about APT campaigns
PowerShell scripts for the PoshSec Framework
williballenthin / sleuthkit
Forked from sleuthkit/sleuthkit
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools…
Cross-platform, open-source shellbag parser
Tool suite for inspecting NTFS artifacts.
Pure Python parser for Windows Registry hives.
My utils written for Reverse Engineering, mainly in python