A timestamp and date decoder written for python 3

Documentation and parsers for different anti-virus quarantine formats.

Windows Events Attack Samples

Cobalt Strike Malleable C2 Design and Reference Guide

CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

Terminal Service (RDP) Security Editor

Windows Security Descriptor Definition Language (SDDL) parser and formatter

A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens

AutoMacTC: Automated Mac Forensic Triage Collector

Parser for OSX/iOS FSEvents Logs

Apple Pattern of Life Lazy Output'er

Code sign iOS applications, without proprietary Apple software or hardware

It might be the quickest cross-platform codesign alternative for iOS 12+, supporting macOS, Linux, Windows, and more features.

Query and report user logons relations from MS Windows Security Events

Collection of SQL query templates for digital forensics use by platform and application.

Community guide to securing and improving privacy on macOS.

Hunting IOCs all day every day...

Client API to query any Passive DNS implementation following the Passive DNS - Common Output Format.

IOC (Indicator of Compromise) Extractor: a program to help extract IOCs from text files.

Extract SEP VBN quarantine files

Tool to help analyze PDF files

Multiple rules for yara-project for detect compiler/packer/protector

ircollect

analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats.