Overview Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one...
Awesome GitHub Links
These repositories contain lists of various cybersecurity tools, resources, and libraries that are considered particularly useful or noteworthy by the community. They are a good starting point for ...
Incident Timelines
Overview Timelines are an important tool in incident response and digital forensics for understanding the sequence of events that have occurred on a computer system. They can be used to: Ident...
Markdown Overview
Overview If you’re a web developer, you’ve probably heard of Markdown. It’s a popular markup language that’s used to format text on the web. Whether you’re writing a blog post, creating documentat...
Memory Forensics Overview
Overview Memory forensics is a branch of digital forensics that involves analyzing a computer’s memory dump (or RAM) to uncover evidence of cyber attacks, malicious activity, and other issues. It ...
MrKaplan
Overview MrKaplan is a tool aimed at helping red teamers stay hidden and clear as many forensic traces as possible. It works by saving information such as the time it ran, under which user and “rever...
Volatility
Overview Volatility is the world’s most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of...
CAPEC 633 - Token Impersonation
Overview An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that impers...
CAPEC 644 - Use of Captured Hashes (Pass The Hash)
Overview When authenticating via LM or NTLM, an authenticating account’s plaintext credentials are not required by the protocols for successful authentication. Instead, the hashed credentials are ...
CAPEC 560 - Use of Known Domain Credentials
Overview Attacks leveraging trusted credentials typically result in the adversary laterally moving within the local network, since users are often allowed to log in to systems/applications within t...