LogonTracer

Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs. LogonTracer uses PageRank and ChangeFinder to detect malicious hosts and accounts from event logs. Based on this research, the tool can visualize the following event IDs related to Windows logon: 4624: Successful logon; 4625: Logon failure; 4768: Kerberos Authentication (TGT Request); 4769: Kerberos Service Ticket (ST Request); 4776:…

Moloch: database system

Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting. Moloch exposes APIs which allow for PCAP…

PowerShell Incident Response: Psrecon

Psrecon is an open source script that gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share,…

FalconGate – A smart gateway to stop hackers and malware attacks

Motivation: Cyber attacks are on the rise. Hackers and cyber criminals are continuously improving their methods and building new tools and malware with the purpose of hacking your network, spying on you and stealing valuable data. Recently a new business model has become popular among hackers: the use of ransomware to encrypt your data and…